Introduction 


This book is intended as an introduction to the topics of computer 
virtualization and the cloud. We will see how the topics come together. 


The book includes extensive reference and background material. It will not 
teach you to be an expert in virtualization or cloud technologies. It will teach 
you to understand and appreciate these topics, and how they fit into the big 
picture of computing. The best way to learn these technologies is to use them. 


How did we get where we are? Initially computers were big, unique, heavy 
mainframes with a dedicated priesthood of programmers and system 
engineers to keep them running. They were enshrined in specially air 
conditioned rooms with raised floor and access control. They ran one job at a 
time, taking punched cards as input, and producing reams of wide 
green-striped paper output. Data were collected on reels of magnetic tape, or large 
trays of punched cards. Access to these very expensive resources was 
necessarily limited. 


Then, a better idea evolved. Most of the time, the “big iron” was not 
computing, it was waiting. So, if we could devise a way to profitably use the 
idle time, we would increase the efficiency of the facility. This led to the 
concept of time-sharing. There was a control program whose job it was to 
juggle the resources so that a useful program was always running. This came 
along about the time that remote terminals were hooked to the mainframe, to 
allow access from multiple, different locations. In a sense, the computer 
facility was virtualized; each user saw his very own machine (well, for limited 
periods of time, anyway). If the overhead of switching among users was not 
too great, the scheme worked. 


This evolved into a “client-server” architecture, in which the remote clients 
had some compute and storage capability of their own, but still relied on the 
server. 


And, in the background, something else amazing was happening. Mainframes 
were built from relays and vacuum tubes, magnetic core memory, and 
massive rotating magnetic drums for storage. Eventually, semiconductor 
devices began to take over. Semiconductor technology scales nicely. In fact, 
Gordon Moore of Intel formulated his famous law from observations that the 
complexity of the devices doubled every 18 months. This is an exponential 
growth curve. If we have 1 unit of memory in a package for a certain cost, in 
18 months we will have 2 units of memory in the same package for the same 
price. In 18 more months, 4 units, and so on. 


It doesn’t take long for this to really add up. And, the technology feeds on 
itself. The computers used to design and manufacture chips keep getting more 
and more capable. 


Now, our phones have orders-of-magnitude more compute and storage 
capability than mainframes. My tablet has more capability than my entire 
University had when I was an undergraduate. Such exponential growth laws 
can’t be sustained forever, but so far, so good. 


Rapid changes in technology that affect how we do things, or enable us to do 
new things, are called paradigm shifts. Sometimes these are gradual, and 
sometimes abrupt. Virtualization and the Cloud represent a paradigm shift. 


In the client-server age, “personal” computers began to replace the remote 
(‘dumb’) terminals. At some point, there were no more servers, just a network 
of small computers that had more storage and compute capability than the 
original installation. It was cheaper, required less power, took up less room — 
this was working out well. 


As our desktop and personal computers got more capable, they could do more 
tasks at a time as well. As I type, this computer has 79 active processes. The 
operating system switches between them. As I type, using both my fingers, 
the computer is also checking for new email, running virus checks, sending 
status updates, checking memory, file cleanup, spellchecking, etc. 


Digital communications has its own exponential growth curve, as early 
telephone-system based interconnects led to the Arpanet Project, and then to the 
development of a worldwide communication infrastructure. On top of this, 
Tim Berners-Lee built a virtual network, the World Wide Web. 


Think about how you use your computer. Sometimes you are creating a 
document, other times a spreadsheet. You check email now and then, and surf 
the web for news and shopping. You really don’t want a computer. You want 
a document machine, and a spreadsheet machine, and an email machine, and a 
web access machine, maybe a gaming machine. But that takes up a lot of 
space. Computers are both versatile and fast. They can be all these things. So, 
I present the idea that your computer is a virtual document machine, a virtual 
email machine, a virtual gaming machine. 


Now, one thing that mainframes did well was managing large databases of 
important data. Not just Government data such as tax information, social 
security records, and Veterans affairs, but commercial data, banking, 
insurance, credit card accounts, medical data. For a lot of reasons, including 
security, this should be hosted at one place (with two other places as backup). 
This brings us back to a client-server model. But technology has marched on, 
and the mainframe has mostly been replaced with racks of “servers.” These 
machines are pretty much what you have on your desk, minus the keyboard 
and monitor. They have massive amounts of disk storage, and maybe access 
to robotic optical media libraries. When you need your credit card statement, 
you request that from your bank, and the bank’s server in its data center 
fetches that information and supplies it to you. 


Do you know where the bank’s data center is? Do you care? The bank may 
not have its own data center, but rent this function from a vendor. The vendor 
has a vast air-conditioned and secure facility...somewhere. The location of 
the hardware is not important. The service is. The facility provides services to 
a large number of companies, each of which rents a virtual data center. 
Hardware is shared, but data are not. The resources you rent can be dynamic — 
you might need more compute power at the end of the month, but not all the 
time. Does the customer know where the computers are? Due diligence says 
he should. But he doesn’t have to. 


The customer avoids having to build and maintain a secure data center, and a 
back-up site buried in a mountain somewhere, hiring technical people, sizing 
the facility for maximum load, assuring continuous power and cooling, etc. 
Computing as a commodity is the concept. 


The data center has been virtualized. To the customer, it is located...in the 
Cloud. 


Large online companies such as Amazon and Google have multiple, massive 
data centers to serve their own needs. They are very good at data center 
design and operation for their own uses, and have excess capacity. They rent 
this (or, give it away to customers.) Where is my Google data? In the Cloud. 


“But could you be a little more specific? What’s the zip code?” 


“You don’t need to know that. Your data are available from multiple locations 
around the world, 24x7, with a 99.99999x% rating.” 


“But I want to know where my data is!” 
“Your call has been very important to us. Have a nice day....” 


Ok, get over it. You don’t need to know where your data is. You need to 
know it’s accessible and safe. You have an online address where you can get 
to it. It’s somewhere in cyberspace. It’s not in a leaky warehouse of magnetic 
tapes, like it used to be. 


Besides data, you can have those data center computers actually run programs 
for you. That’s called Commodity Computing. Pay per gigabyte, pay per 
billion instructions. Where’s the computer? In the Cloud. 


Virtualization of resources is an abstraction (as a mathematician would say), 
or just pretending, if that is better for you. Virtualization is the key to Cloud 
Services. 


How is it done? Well, read the rest of this book, and you’ll get the idea. 

The goals of this book are: 

• To provide basic information for an understanding of virtualization techniques. 
• To stress the importance of this technology. 
• To understand how the hardware and the software interact. 
• To understand the role of the hypervisor. 
• To examine various examples of virtualization. 
• To see how virtualization enables the Cloud. 
• To gain an understanding of how the technology can be applied. 


The importance of this topic. 


Virtualization provides a powerful tool for software development, testing, 
security, and operational environments. The Cloud architecture provides 
economy of scale in computing by shared resource usage. With virtualization, 
multiple “guest” operating systems can be run simultaneously under control of 
a “hypervisor.” These guest operating systems do not need to all be the same. 
The Hypervisor manages the physical resources of the computer for the 
various guest operating systems, much as the operating systems do for the 
application code. The hardware resources include the central processing units, 
the various hierarchies of memory, and the input/output. 


Virtualization can be implemented by many methods, from purely software to 
hardware-assisted. Virtualization allows for server consolidation. It can ease 
migration and upgrade. It can save money. It will cost money. 


Master these technologies or be mastered by them. 


Author 


Mr. Stakem has developed and taught a virtualization course at Loyola 
University in Maryland, for the Graduate Department of Computer Science. 
He has previously taught courses in computer architecture and digital 
communications. He was previously involved with virtualization on the IBM 
S/360 Model 67. 


He also taught an Embedded Systems course for the Johns Hopkins 
University. 


He has previously published on the topics of RISC computer architecture, the 
Intel IA-32, the Transputer, Massively Parallel machines, and spacecraft 
onboard computers. 


He has supported various NASA projects for many years. 


Roadmap 


We start with a review of Computer Architecture. These are the technical 
details. If you already know this, or begin to fall asleep, skip ahead. 


Let’s all get on the same page. What is it that we are virtualizing? 


Computer Architecture 


A computer has elements of processing, memory, and input-output. We’ll 
discuss these in turn. 


Central Processing Unit 


A computer performs arithmetic and logic functions on data, and provides 
flow of control. The arithmetic functions we would like to have performed are 
addition, subtraction, multiplication, and division. Actually, as we will see 
later, if we can subtract, we can do any of these operations. Multiplication can 
merely be repeated addition. The logical operations on binary data include 
inversion, AND, OR, Exclusive OR, and derivative functions such as 
Negated-AND (NAND), Negated-OR (NOR), and Negated-Exclusive OR 
(NXOR). Actually, for two binary symbols, there are 16 possible functions. 
Only some of these have names (and are useful). As with the mathematical 
functions, some can be represented as combinations of others. We’ll look at 
mathematical and logical functions applied to binary data, and how the 
mathematical functions can be expressed in terms of the logical ones. 
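The following Python script is an added example, not code from the book: it enumerates all 16 functions of two binary symbols, identifies the ones named above by their truth tables, builds AND, OR and XOR from NAND alone, and then builds addition, subtraction (by complement-and-add) and multiplication (by repeated addition) from those gates. The function names and the NAND-only construction are choices made for this example.

```python
# Added example (not from the book): the 16 two-input Boolean functions, the
# named ones, and integer arithmetic built only from logical operations.

INPUTS = [(0, 0), (0, 1), (1, 0), (1, 1)]


def truth_table_id(f):
    """Pack f's outputs over INPUTS into a 4-bit number: bit k = f(INPUTS[k])."""
    return sum(f(a, b) << k for k, (a, b) in enumerate(INPUTS))


def all_two_input_functions():
    """One function per 4-bit truth table: 2**4 = 16 distinct functions."""
    return {n: (lambda a, b, n=n: (n >> (2 * a + b)) & 1) for n in range(16)}


# The functions the text names, written with Python's bit operators.
NAMED = {
    "NOT-A": lambda a, b: 1 - a,
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
    "XOR": lambda a, b: a ^ b,
    "NAND": lambda a, b: 1 - (a & b),
    "NOR": lambda a, b: 1 - (a | b),
    "NXOR": lambda a, b: 1 - (a ^ b),
}


def named_function_ids():
    """Map each named function to its truth-table id (a number in 0..15)."""
    return {name: truth_table_id(f) for name, f in NAMED.items()}


# Some functions are combinations of others: everything below uses NAND only.
def nand(a, b):
    return 1 - (a & b)


def not_(a):
    return nand(a, a)


def and_(a, b):
    return not_(nand(a, b))


def or_(a, b):
    return nand(not_(a), not_(b))


def xor(a, b):
    return and_(or_(a, b), nand(a, b))


def full_adder(a, b, carry_in):
    """One bit position of a ripple-carry adder: returns (sum_bit, carry_out)."""
    partial = xor(a, b)
    return xor(partial, carry_in), or_(and_(a, b), and_(partial, carry_in))


def add(x, y, width=8):
    """Add two unsigned integers bit by bit; the result wraps modulo 2**width."""
    carry, result = 0, 0
    for i in range(width):
        bit, carry = full_adder((x >> i) & 1, (y >> i) & 1, carry)
        result |= bit << i
    return result


def invert(x, width=8):
    """Bitwise NOT over `width` bits, using the NAND-derived inverter."""
    return sum(not_((x >> i) & 1) << i for i in range(width))


def sub(x, y, width=8):
    """x - y as two's complement: x + (NOT y) + 1, all done by the adder."""
    return add(x, add(invert(y, width), 1, width), width)


def mul(x, y, width=8):
    """Multiplication as repeated addition, as the text describes."""
    total = 0
    for _ in range(y):
        total = add(total, x, width)
    return total


if __name__ == "__main__":
    print(named_function_ids())                 # AND -> 8, OR -> 14, XOR -> 6, ...
    print(add(200, 100), sub(5, 7), mul(6, 7))  # 44 (wrapped), 254 (-2 mod 256), 42
```

The wrap-around in `add(200, 100)` is the same behaviour real 8-bit hardware shows; an overflow that the program does not check for is exactly the kind of arithmetic surprise that later turns into a bug.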


The Von Neumann Architecture says there is no distinction between the code 
and the data. This was an observation by John von Neumann of the Institute 
for Advanced Studies at Princeton University. While consulting for the Moore 
School of Electrical Engineering at the University of Pennsylvania, von 
Neumann wrote “First Draft of a Report on the EDVAC” (computer). The 
paper described a computer architecture in which the data and the program are 
both stored in the computer's memory in the same address space. Before this, 
it was the custom to have separate code and data storage (the Harvard 
architecture), and they were not necessarily the same size or format. Von 
Neumann observed that the code is also data. Most modern microprocessors 
are this style. For speed, especially in digital signal processors, designers 
revert to the older Harvard architecture, with separate code and data stores, as 
this gives a speed-up in accessing from memory. 


The fetch/execute cycle 


This section discusses how an instruction gets executed. The basic process is 
referred to as the fetch/execute cycle. First the instruction is fetched from 
memory, and then the instruction is executed, which can involve the fetching 
and writing of data items. 


Instructions are executed in steps called machine cycles. Each machine cycle 
might take several machine clock times to complete. Machine clock cycles are 
very fast, currently, billionths of a second. If the architecture is pipelined, 
then each machine cycle consists of a stage in the pipeline. At each step, a 
memory access or an internal operation (ALU operation) is performed. A state 
machine in the CPU logic, driven by a clock source, sequences machine 
cycles. 


A register called the program counter contains the location in memory of the 
next instruction to be executed. The contents of the program counter get 
automatically updated as the instruction executes. The address of the next 
instruction to be executed (not necessarily the next adjacent instruction) is put 
in the program counter. A register is a temporary holding memory for data, 
and is part of the CPU. At initialization time (boot), the program counter is 
loaded with the location of the first instruction to be executed. After that, it is 
simply incremented, unless there is a change in the flow of control, such as a 
branch or jump. In this case, the target address of the branch or jump is put 
into the program counter. 


The first step of the instruction execution is to fetch the instruction from 
memory into a special holding location called the Instruction Register. At this 
point, the instruction is decoded, meaning a control unit figures out, from the 
bit pattern, what the instruction is to do. This control unit implements the ISA, 
the instruction set architecture. Without getting too complicated, we could 
have a flexible control unit that could execute different ISA’s. That’s possible, 
but beyond the scope of our discussion here. 
With the instruction decode complete, the machine knows what resources are 
required for instruction execution. A typical math instruction, for example, 
would require two data reads from memory, an Arithmetic Logic Unit (ALU) 
operation, and a data write. The data items might be in registers, or memory. 
If the instruction stream is regular, we can pipeline the operation. We have 
stages in the pipeline for instruction fetch, instruction decode, operand(s) 
read, ALU operation, and operand write. If we have a long string of math 
operations, at some point, each stage in the pipeline is busy, and an instruction 
is completed at each clock cycle. But, if a particular instruction requires the 
result of a previous instruction as an input, the scheme falls apart, and the 
pipeline stalls. This is called a data dependency, and can be addressed by 
having the software compiler optimizing the code by re-ordering. This doesn’t 
always work. When a change in the flow of control occurs (branch, jump, 
interrupt), the pipeline has to be flushed out and refilled. On the average, the 
pipeline speeds up the process of executing instructions at the cost of 
complexity. 
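To make the fetch/execute cycle and the pipeline stall concrete, here is an added Python example (not code from the book). It runs a toy von Neumann machine in which instructions and data share one memory list, with an explicit program counter and instruction register, and then counts data-dependency stalls for a straight-line instruction sequence in the five-stage pipeline described above (fetch, decode, operand read, ALU, operand write) with no result forwarding. The instruction format, the register count and the stall timing are constructed for this example, not a real ISA.

```python
# Added example (not from the book): a toy von Neumann machine with a fetch/execute
# loop, plus a count of data-dependency stalls in a five-stage pipeline.

def run_program(memory, max_steps=10_000):
    """Execute instructions stored in the same memory as the data (von Neumann).

    memory: list whose cells hold either an instruction tuple or an integer.
    Returns (registers, program_counter) when HALT executes.
    """
    regs = [0] * 4
    pc = 0                              # program counter: address of next instruction
    for _ in range(max_steps):
        ir = memory[pc]                 # fetch into the instruction register
        pc += 1                         # default: the next adjacent instruction
        op = ir[0]                      # decode: the control unit looks at the opcode
        if op == "LOAD":                # LOAD rd, addr   : rd <- memory[addr]
            regs[ir[1]] = memory[ir[2]]
        elif op == "STORE":             # STORE rs, addr  : memory[addr] <- rs
            memory[ir[2]] = regs[ir[1]]
        elif op == "ADD":               # ADD rd, rs1, rs2
            regs[ir[1]] = regs[ir[2]] + regs[ir[3]]
        elif op == "SUB":               # SUB rd, rs1, rs2
            regs[ir[1]] = regs[ir[2]] - regs[ir[3]]
        elif op == "JNZ":               # JNZ rs, target  : a change in the flow of control
            if regs[ir[1]] != 0:
                pc = ir[2]              # target address replaces the program counter
        elif op == "HALT":
            return regs, pc
        else:
            raise ValueError(f"unknown opcode {op!r}")
    raise RuntimeError("program did not halt")


def multiply_program(x, y):
    """Constructed program: x * y by repeated addition (y >= 1); result at address 10."""
    return [
        ("LOAD", 1, 8),        # 0: r1 <- counter
        ("LOAD", 2, 9),        # 1: r2 <- addend
        ("LOAD", 3, 11),       # 2: r3 <- constant 1
        ("ADD", 0, 0, 2),      # 3: r0 <- r0 + r2
        ("SUB", 1, 1, 3),      # 4: r1 <- r1 - 1
        ("JNZ", 1, 3),         # 5: loop while counter != 0
        ("STORE", 0, 10),      # 6: memory[10] <- r0
        ("HALT",),             # 7
        y, x, 0, 1,            # 8..11: data words in the same address space as code
    ]


def multiply(x, y):
    memory = multiply_program(x, y)
    run_program(memory)
    return memory[10]


def reads_writes(instr):
    """Registers an instruction reads and writes (used for hazard detection)."""
    op = instr[0]
    if op in ("ADD", "SUB"):
        return {instr[2], instr[3]}, {instr[1]}
    if op == "LOAD":
        return set(), {instr[1]}
    if op in ("STORE", "JNZ"):
        return {instr[1]}, set()
    return set(), set()


def pipeline_stalls(instrs):
    """Stall cycles for a straight-line sequence in an in-order pipeline with stages
    fetch, decode, operand read, ALU, operand write and no forwarding. An instruction
    issued at cycle t reads operands at t+2 and writes at t+4, so a reader must issue
    no earlier than 3 cycles after the writer of its operand (a data dependency)."""
    issue = []                          # issue cycle of each instruction
    last_writer = {}                    # register -> index of its most recent writer
    stalls = 0
    for i, instr in enumerate(instrs):
        next_free = issue[-1] + 1 if issue else 0
        earliest = next_free
        reads, writes = reads_writes(instr)
        for reg in reads:
            if reg in last_writer:
                earliest = max(earliest, issue[last_writer[reg]] + 3)
        stalls += earliest - next_free
        issue.append(earliest)
        for reg in writes:
            last_writer[reg] = i
    return stalls


# Constructed sequences: the second is the first re-ordered by a compiler so that the
# dependent ADD no longer has to wait for its input.
DEPENDENT = [("ADD", 0, 1, 2), ("ADD", 3, 0, 1), ("LOAD", 4, 20), ("LOAD", 5, 21)]
REORDERED = [("ADD", 0, 1, 2), ("LOAD", 4, 20), ("LOAD", 5, 21), ("ADD", 3, 0, 1)]

if __name__ == "__main__":
    print(multiply(6, 7))                                          # 42
    print(pipeline_stalls(DEPENDENT), pipeline_stalls(REORDERED))  # 2 0
```

The re-ordering is legal only because the two loads neither read register 0 nor write registers the later ADD depends on; that independence check is what the compiler has to prove before it moves anything.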


A special purpose hardware device, purpose-built, will always be faster than a 
general-purpose device programmed or configured for a specific task. This 
means that purpose-built hardware is the best, yet least flexible choice. 
Programmability provides flexibility, and reduces the cost of change. A new 
approach, provided by FPGA technology, gives us the ability to reconfigure 
the hardware as well as the software. The impact of this on virtualization has 
not yet been assessed. 


Besides the integer processor, we can have a specialized floating-point unit 
(FPU) that operates on floating point operands, or other specialized 
architectures. 


Parallelism 


The limitations to computer performance tend to be either the instruction rate 
of the CPU itself, or the channel capacity of the various data paths involved. 
One approach to increased performance is parallelism. 


Multiprocessing allows us to apply the resources of multiple CPU’s and their 
associated memories to a single problem. If one CPU is fast, aren’t more 
CPU’s faster? Maybe. 
Symmetric multiprocessing (SMP) involves multiple integral processor units 
with a common memory, and sharing an operating system. Processors are 
interconnected with busses, a mesh, point-to-point links, or other communications 
methods. The bottleneck to scalability is the bandwidth of the interconnect. 
Mesh schemes avoid this bottleneck, at the cost of complexity, and can 
provide near linear scalability. The trick is in the programming. Different 
programming philosophies are required in the multiprocessing environment. If 
the problem is “embarrassingly parallel,” it will scale in terms of the number 
of resources applied. Pathological non-parallel problems do not scale across 
multiple resources. Support for SMP is required at the operating systems 
level, and visibility of the parallelism is necessary at the language level. There 
is a paradigm shift on the part of programmers, from the sequential, one thing 
at a time world, to the parallel, simultaneous approach. 


The symmetric part of the architecture allows any processor to be assigned 
any task. The alternative is to have groups of different architectures, each 
optimized to a different data structure or task set. In SMP, tasks can be moved 
around for load balancing. 


Up to about eight processors, a shared bus architecture can work well. Newer 
schemes use NUMA, non-uniform memory access, which allocates different 
sections of memory to different processors. Processor accesses to local 
memory are fast, and to another processor’s memory more costly in time. 
Clustered multiprocessing makes use of large groups of commodity 
computing resources linked with a common operating system designed for the 
environment. An example is the Beowulf cluster technique using Gnu-Linux, 
pc's, and the Linux-based Beowulf clustering software, originally developed 
at NASA’s Goddard Space Flight Center. 


Some performance enhancements come from the architecture of the 
multiprocessor. For example, interrupt processing can be offloaded to a 
non-busy CPU. Interrupts are discussed in the Input/Output section. 


One issue is how interrupts are handled in multiprocessing. How are interrupts 
steered to the proper processor? It is a function of the operating system. In the 
same way that processes are assigned to certain processors, interrupts and 
their associated interrupt handling are also assigned. Binding interrupts to 
specific cpu’s is not necessarily the proper approach, since this approach does 
not improve cache hits. Multiple interrupts can overload the 
selected processor. Handling interrupts is a task, and task allocation is a 
function of the operating system. A multiprocessing operating system is 
required to manage the unique issues of multiprocessor hardware. 


A multicore processor has multiple CPU and memory elements in a single 
chip. Being on a single chip reduces the communications times between 
elements, and allows for multiprocessing. Advances in microelectronics 
fabrication techniques led to the implementation of multicores for desktop 
and server machines around 2007. It was becoming increasingly difficult to 
increase clock speeds, so the obvious approach was to turn to parallelism. 
Currently, in this market, quad-core, 6-core, and 8-core chips are available. 
Besides additional CPU’s, additional on-chip memory must be added, usually 
in the form of memory caches, to keep the processors fed with instructions 
and data. There is no inherent difference between multicore architectures and 
multiprocessing with single-core chips, except in the speed of 
communications. The standard interconnect technologies are applied to 
inter-core communications. 


We can compare multicore devices to large multiprocessor machines of some 
10 years past, in the same sense that we can compare a single-chip CPU to 
large mainframe systems of 20-25 years ago. 
Memory and storage 


Parkinson’s Law: “in computers, programs expand to fill all available 
memory.” 


There are many types of memory used with the current CPU’s. Most memory 
types are supported, if the word sizes and timing match. There is a small 
amount of memory on the CPU chip itself. This would be the various 
registers, and in later versions of the chip, some cache memory. Most of the 
primary memory is placed on the same circuit board as the CPU, and can be 
soldered in place, or can take the form of plug-in modules. This memory is 
random-access. Some of it will be persistent, read-only memory, but more 
will be read-write, volatile memory. Secondary memory, with rotating 
magnetic disks, may be used along with optical disks for large offline storage. 
Flash memory, a type of persistent storage, is coming down in cost and up in 
capacity to be considered as an alternative to disks. Non-volatile memory 
retains its contents without applied power. 


Computer memory is organized in a hierarchy. The basic unit of storage is the 
byte, a collection of 8 bits. We would like to have large amounts of low 
power, fast, non-volatile storage. These requirements are mutually exclusive. 
The memory closest to the CPU is fast, random-access, volatile, and 
semiconductor-based, but expensive. Secondary storage, such as disk, is 
slower and persistent, and cheaper on a cost-per-bit basis. Backup 
storage, offline optical or magnetic, is still cheaper per bit, but may have 
a long access time. 


Mass storage includes magnetic and solid state disks to hold large data sets. 
This storage can be made removable. Non-volatile RAM, such as 
battery-backed static memory, can also be used. 


Other characteristics of interest include memory latency, the time it takes to 
access the requested item, and throughput, the read or write rate of the 
memory device. Some memory may have a relatively long latency, but a very 
high throughput, once things get going. 


All in all, we have come a long way since computers stored bits as acoustic 
waves in a pool of mercury, and instructions were punched into paper tape. 
RAM 


In RAM, random access memory, any element is accessible in the same clock 
time, as opposed to sequential media, such as tape or disk. In sequential 
media, the access time varies, and depends on the order of access. This is true 
for disks, where the item requested probably just went by the read heads, and 
another rotation of the platter is required. Of course, mechanical systems, in 
operation, tend to wear out due to mechanical causes. 


A memory can be considered as a black-box with two functions, read and 
write. With the write function, we present the memory with two inputs: the 
data item, and an address. There is no output. The memory associates the data 
item with the address and remembers it. On the read function, we present the 
memory with the address, and expect to get back the data item previously 
associated with it. 


Other design choices in memory include volatility. The memory may forget 
after a period of time. That's not good. Although, depending on the timing, the 
data can be read out and written back just in time. 


Is there such a thing as totally non-volatile memory? One of the earliest 
memory types, magnetic core, was persistent when the power was turned off. 
It is unclear how long the data was retained. When compact disks, an optical 
media, first came out, the advertised lifetime was reported as 100 years. This 
has since been reduced, with some CDs and DVDs becoming unreadable in a 
period of several years. (A DVD is a CD with a greater capacity, because the 
wavelength of the laser light used is smaller, so the bits are smaller). If you 
want to see persistent color graphical information, the cave paintings at 
Lascaux in France are more than 17,000 years old, and still maintain their 
meaning. Magnetic hard disks do not forget their contents when the power is 
turned off. If they are properly stored, and not exposed to bumps, magnetic 
fields, and extremes of temperature, they seem to have the best data retention 
characteristics of currently available media. Exchangeable floppy disks have 
alignment problems in their readers, and magnetic tape drives use a fragile 
media that is susceptible to damage and environmental effects. 


Volatile memory includes static semiconductor RAM and dynamic RAM. Static 
RAM uses a flip-flop, and retains its contents as long as the power remains. 
Static RAM is faster, less dense, and consumes more power than dynamic RAM. 
Dynamic RAM is denser, usually by a factor of four, due to a simpler structure, 
but requires refresh. It forgets in fractions of a second, because the 
information is stored as a charge on a capacitor, which leaks away. Why 
would anyone use this as a storage medium? It is cheap, easily mass produced, 
the “forget” time is eons to a computer chip, and the overhead of the refresh 
operation is minimal. The CPU usually does the refresh, because the memory 
is not usable during that time. The memory can be organized into sections, so 
a refresh in one section still allows access in others. Some DRAM is 
self-refreshing. In the IBM PC architecture, a fake DMA is used to signal a refresh 
operation in progress. 


Memory organization 


Semiconductor memory, like all microelectronics, is a 2-dimensional 
structure. Thus, density usually goes up by a factor of four, as we double the 
width and the height. Memory is a very regular structure, amenable to mass 
production. 


In random access memory we address bytes, or words. We get a collection of 
bits every time we read memory. To address individual bits within a word, we 
need to use the logical operations (AND, OR) to single out bits within a word. 


Caches 


This section discusses the concept of a cache in generic computer architecture 
terms. A cache is a temporary memory buffer for data. It is placed between 
the processor and the main memory. The cache is smaller, but faster than the 
main memory. Being faster, it is more expensive, so it serves as a transition to 
the main store. There may be several levels of cache (L1, L2, L3), the one 
closest to the processor having the highest speed, commensurate to the 
processor. That closest to the main memory has a lower speed, but is still 
faster than the main memory. The cache has faster access times, and becomes 
valuable when items are accessed multiple times. Cache is transparent to the 
user; it has no specific address. 


There can be different caches for instructions and data, or a unified cache for 
both. Code is usually accessed in linear fashion, but data items are not. In a 
running program, the code cache is never written, simplifying its design. The 
nature of accessing for instructions and data is different. On a read access, if 
the desired item is present in a cache, we get a cache hit, and the item is read. 
If the item is not in cache, we get a cache miss, and the item must be fetched 
from memory. There is a small additional time penalty in this process over 
going directly to memory (in the case of a miss). Cache works because, on the 
average, we will have the desired item in cache most of the time, by design. 


Cache reduces the average access time for data, but will increase the 
worst-case time. The size and organization of the cache defines the performance for 
a given program. The proper size and organization is the subject of much 
analysis and simulation. 


Caches introduce indeterminacy into execution time. With cache, memory 
access time is no longer deterministic. We can’t tell, a priori, if an item is or is 
not in cache. This can be a problem in some real-time systems. 


A working set is a set of memory locations used by a program in a certain 
time interval. This can refer to code or data. Ideally, the working set is in 
cache. The cache stores not only the data item, but a tag, which identifies 
where the item is from in main memory. Advanced systems can mark ranges 
of items in memory as non-cacheable, meaning they are only used once, and 
don’t need to take up valuable cache space. 


For best performance, we want to keep frequently-accessed locations in fast 
cache. Also, cache retrieves more than one word at a time; it retrieves a “line” 
of data, which can vary in size. Sequential accesses are faster after an initial 
access (both in cache and regular memory) because of the overhead of set-up 
times. 


Writing data back to cache does not necessarily get it to main memory right 
away. With a write-through cache, we do immediately copy the written item 
to main memory. With a write-back cache, we write to main memory only 
when a location is removed from the cache. 


Many locations can map onto the same cache block. Conflict misses are easy 
to generate: If array a uses locations 0, 1, 2, ... and array b uses locations 
1024, 1025, 1026, ..., the operation a[i] + b[i] generates conflict misses in a 
cache of size 1024. 
Caches, then, provide a performance increase, at the cost of complexity, by 
exploiting the temporal or spatial locality of the data. The program is not 
aware of the location of the data, whether it is in cache or main memory. The 
only indication is the run time of the program. 


Cache hierarchy 


This includes the L1, L2, and L3 caches. L1 is the smallest and fastest cache, 
located closest to the CPU, usually on the same chip. Some CPU’s have all 
three levels on chip. Each of the levels of cache is a different size and 
organization, and has different policies, to optimize performance at that point. 


A key parameter of cache is the replacement policy: the strategy for 
choosing which cache entry to overwrite to make room for new data. There are 
two popular strategies: random, and least-recently used (LRU). In random, we 
simply choose a location, write the data back to main memory, and refill the 
cache from the new desired location. In the least recently used scenario, the 
hardware keeps track of cache accesses, and chooses the least recently used 
item to swap out. 


As long as the hardware keeps track of access, it can keep track of writes to 
the cache line. If the line has not been written into, it is the same as the items 
in memory, and a write-back operation is not required. The flag that keeps 
track of whether the cache line has been written into is called the dirty bit. 
This book does discuss the dirty bits of computer architecture. 


Note that we are talking about cache as implemented in random access 
memory of varying speeds. The concept is the same for memory swapped 
back and forth to rotating disk; what was called virtual memory in 
mainframes. 


Cache coherency in multicore/multiprocessor systems is a topic of major 
importance, that will be discussed later. 
Cache organization 


In a fully-associative cache, any memory location can be stored anywhere in 
the cache. This form is almost never implemented. In a direct-mapped cache, 
each memory location maps onto exactly one cache entry. In an N-way set- 
associative cache, each memory location can go into one of n sets. Direct 
mapped cache has the best hit times. Fully associative cache has the lowest 
miss rates. 
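To make the replacement policy, the dirty bit and the organization choices concrete, here is a small write-back cache simulator. It is an added example, not code from the book: the geometry (16-byte lines, 4 sets, 2 ways) is an assumed configuration, and changing NWAYS to 1 gives a direct-mapped cache while NSETS = 1 with NWAYS equal to the total line count gives a fully-associative one. Replacement is LRU within a set, and a write-back is charged only when the evicted line is dirty.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the book): write-back cache with LRU replacement
 * and a dirty bit per line.  Geometry constants are assumed values. */
#define LINE_BYTES 16u   /* bytes per cache line */
#define NSETS      4u    /* number of sets */
#define NWAYS      2u    /* lines per set (2-way set-associative) */

typedef struct {
    bool     valid;
    bool     dirty;      /* the dirty bit: line written since it was filled */
    uint32_t tag;
    uint32_t last_use;   /* access timestamp used by LRU replacement */
} CacheLine;

typedef struct {
    CacheLine lines[NSETS][NWAYS];
    uint32_t  clock;     /* monotonic access counter that feeds last_use */
    uint32_t  hits, misses, writebacks;
} Cache;

void cache_init(Cache *c) { memset(c, 0, sizeof *c); }

/* One access to byte address `addr`.  Returns true on a hit.  A write marks
 * the line dirty; evicting a dirty line costs one write-back to memory,
 * evicting a clean line costs nothing because memory already matches. */
bool cache_access(Cache *c, uint32_t addr, bool is_write)
{
    uint32_t block = addr / LINE_BYTES;
    uint32_t set   = block % NSETS;      /* which set the block maps to */
    uint32_t tag   = block / NSETS;      /* identifies the block within the set */
    CacheLine *ways = c->lines[set];
    c->clock++;

    for (uint32_t w = 0; w < NWAYS; w++) {          /* tag compare in the set */
        if (ways[w].valid && ways[w].tag == tag) {
            ways[w].last_use = c->clock;
            if (is_write) ways[w].dirty = true;
            c->hits++;
            return true;
        }
    }

    /* Miss: victim is an invalid way if any, else the least recently used. */
    uint32_t victim = 0;
    for (uint32_t w = 0; w < NWAYS; w++) {
        if (!ways[w].valid) { victim = w; break; }
        if (ways[w].last_use < ways[victim].last_use) victim = w;
    }
    if (ways[victim].valid && ways[victim].dirty) c->writebacks++;
    ways[victim].valid    = true;
    ways[victim].dirty    = is_write;
    ways[victim].tag      = tag;
    ways[victim].last_use = c->clock;
    c->misses++;
    return false;
}

int main(void)
{
    /* Constructed trace: four blocks that all map to set 0 compete for two ways. */
    const uint32_t trace[] = { 0x00, 0x40, 0x00, 0x80, 0x40, 0x80, 0x00, 0xC0 };
    Cache c;
    cache_init(&c);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        cache_access(&c, trace[i], i == 3);   /* the fourth access is a write */
    printf("hits=%u misses=%u writebacks=%u\n", c.hits, c.misses, c.writebacks);
    return 0;
}
```

With the constructed trace the fourth access dirties the line for 0x80, and that line is the LRU victim on the final access, so exactly one write-back occurs; the three other evictions are of clean lines and cost nothing.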


TLB 


The Translation Lookaside Buffer (TLB) is a cache used to expedite the 
translation of virtual to physical memory addresses. It holds pairs of virtual 
addresses and their translated (physical) addresses. If the required translation 
is present (meaning it was done recently), the process is speeded up. 


Caches have a direct effect on performance and determinacy, but the system 
designer does not always have a choice, when the caches are incorporated as 
part of the CPU. In this case, the system designer needs to review the cache 
design choices to ensure they are commensurate with the problem being 
addressed by the system. 


Memory Management 


Virtual memory is an abstraction. We pretend that we have more memory than 
is available in the system, but we only see a portion of this memory at a given 
time. The contents of the physical memory that we do have are managed by 
hardware, and are swapped in and out from secondary storage. Data is 
transferred in blocks. The program can be written without worrying about 
how much memory is available. Actually, if we add more physical memory, 
the systems will run faster, because fewer swaps are required. 


A memory management unit (MMU) translates memory addresses from 
logical/virtual to physical. This adds an overhead of translation to each 
memory access. In addition, the access time for the secondary storage may be 
a million times slower than for the primary memory, but it will be hundreds of 
times larger, and certainly cheaper. There is also the energy consumption 
issue. 


When the CPU accesses a desired item, it may be present in the memory, or 
not. If not, the process generates a page fault, resulting in an interrupt, with a 
request for the data item not currently resident. This requires clever 
programming to be an efficient process. Too many misses, and the process 
bogs down in overhead. 


The scheme requires data structures to keep track of what range of data 
addresses is actually present in memory, and registers or tables to allow 
arbitrary mappings of logical to physical addresses. 


There are two basic schemes: segmented and paged. The paged approach 
deals with fixed sized blocks of memory, and segmentation is more flexible in 
terms of size. Segmentation and paging can be combined as in the x86 
architecture. 


A separate MMU chip handles the address translation process, although this 
function is now incorporated into the CPU. The operating system is in charge 
of the data structures and the details of virtual memory management. 


Back when memory was a very expensive resource, it was common to swap 
memory images to and from disk. This was slow, of course, but did allow an 
abstraction in which the running program did not run out of memory. 


Virtual Disks can be created and used as files on a larger physical disk. In 
addition to memory management, other abstractions of memory are possible. 
In RAID, Redundant Arrays of Inexpensive Disks, we treat the raid disk as if 
it is a normal single disk. However, behind the scenes, it can be 5 or more 
physical disks to each virtual one. Multiple images are stored as an approach 
to error correction and data redundancy. This is transparent to the RAID disk 
user, and to the data. 


Input/Output 


Communication interfaces in computer systems tend to use industry-standard 
interfaces. The usual computer communications methods of polled I/O, 
interrupt-based I/O, and direct memory access are applicable. The data 
communication can be serial (bit at a time) or parallel (many bits at a time). 


I/O Schemes 


Regardless of how bits or signals come to a computer, there are several 
standard methods to sample them, or send them out. The various 
communication protocols define the physical connection (connectors) and 
electrical interface (voltages, etc.). Once we are at the processor chip 
boundary, and we are dealing with bits, there are three common schemes to 
read or write. These can be implemented in hardware or software. The three 
schemes are polled I/O, interrupts, or direct memory access. All of these 
schemes work with serial (bit-at-a-time) or parallel (many-bits-at-a-time) I/O. 


In polled I/O, the computer periodically checks to see if data is available, or if 
the communications channel is ready to accept new output. This is somewhat 
like checking your phone every 5 seconds to see if anyone is calling. There's a 
more efficient way to do it, which we'll discuss next, but you may not have 
anything better to do. Polled I/O is the simplest method. 


In Interrupt I/O, when a new piece of information arrives, or the 
communication channel is ready to accept new output, a control signal called 
an interrupt occurs. This is like the phone ringing. You are sitting at your 
desk, busy at something, and the phone rings, interrupting you, causing you to 
set aside what you are doing, and handle the new task. When that is done, you 
go back to what you were doing. 


A special piece of software called an interrupt service routine is required. 
This is similar to a subroutine call mechanism. The interrupt forces the next 
instruction to be a subroutine call to a predetermined location. The return 
address is saved so that the foreground program can resume executing. 


Exception 


An exception is an internally detected error. Exceptions are like interrupts, but 
are synchronous with instructions. They are data dependent. There is an 
exception mechanism on top of interrupt mechanism. Exceptions are usually 
prioritized and vectorized. A trap, or software interrupt, is an exception 
created by an instruction. 


DMA 


Direct Memory Access is the fastest way to input or output information. It 
does this directly to or from memory, without processor intervention or 
overhead. It is a way to block-move data in a rapid fashion, other than by 
CPU read followed by CPU write for each item. 


Let's say we want to transmit a series of 32-bit words. The processor would 
have to fetch each word from memory, send it to the I/O interface, and update 
a counter. In DMA, the I/O device can interface directly to or from the 
memory. DMA control hardware includes housekeeping tasks such as 
maintaining the word count, and updating the memory pointer. 


DMA can also make use of interrupts. Normally, we load a word count into a 
register in the DMA controller, and it is counted down as words transfer to or 
from memory. When the word count reaches zero, an interrupt is triggered to 
the processor to signal the end of the transfer event. 


While the DMA is going on, the processor may be locked out of memory 
access, depending on the memory architecture. Also, if dynamic memory is 
being used, the processor is usually in charge of memory refresh. This can 
also be handled by the DMA controller, but someone has to do it. 


One DMA scheme, used on the IBM PC, toggles between the CPU and the 
DMA device on a per-word basis. Thus, the processor is not locked out of 
fetching and executing instructions during a DMA, although the DMA 
operation is not as fast as it could be. 


Also, DMA is not constrained to access memory linearly; that is a function of 
the DMA controller and its complexity. For example, the DMA controller 
might be set up to access every fourth word in memory. 


The DMA protocol uses a Request and Grant mechanism. The device desiring 
to use DMA sends a request to the CPU, and that request is granted when the 
CPU is able. This is similar to the interrupt request for service mechanism. A 
DMA controller interfaces with the device and the CPU. It may handle multiple 
DMA channels with differing priorities. The controller has to know, for each 
request, the starting address in memory, and the size of the data movement. 
For DMA data coming in to RAM, there is the additional complication of 
updating the cache. 


During the DMA transfer, the DMA controller takes over certain tasks from the 
CPU. This includes updating the memory address, and keeping track of the 
word count. The word count normally goes to zero, and generates an interrupt 
to signal the CPU that the DMA transfer is over. The CPU can continue 
execution, as long as it has code and data available. 
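The bookkeeping the controller takes over (memory pointer, word count, stride, end-of-transfer interrupt) can be shown with a small model. This is an added example, not code from the book: memory is a constructed 64-word array, the "interrupt" is a flag the CPU would poll or be vectored on, and the range check in dma_setup is an assumed safeguard, included because a controller that accepts any starting address and count lets a device write anywhere in RAM.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the book): one DMA channel moving words from a
 * device into memory.  MEM_WORDS and the register layout are assumptions. */
#define MEM_WORDS 64u

typedef struct {
    uint32_t mem[MEM_WORDS];   /* constructed stand-in for system RAM, word-addressed */
} Memory;

typedef struct {
    uint32_t addr;    /* current memory pointer, maintained by the controller */
    uint32_t count;   /* remaining word count; transfer ends when it reaches zero */
    uint32_t stride;  /* 1 = linear, 4 = every fourth word, and so on */
    bool     active;
    bool     irq;     /* raised when the word count reaches zero */
} DmaChannel;

/* The CPU programs the channel registers.  Returns false if the request
 * would run past the end of memory (assumed safeguard, see the lead-in). */
bool dma_setup(DmaChannel *ch, uint32_t start, uint32_t count, uint32_t stride)
{
    if (count == 0 || stride == 0) return false;
    uint64_t last = (uint64_t)start + (uint64_t)(count - 1) * stride;
    if (last >= MEM_WORDS) return false;
    ch->addr = start;
    ch->count = count;
    ch->stride = stride;
    ch->active = true;
    ch->irq = false;
    return true;
}

/* One bus cycle granted to the channel: store `word` from the device, advance
 * the pointer by the stride, count down, raise the interrupt at zero. */
bool dma_step(DmaChannel *ch, Memory *m, uint32_t word)
{
    if (!ch->active) return false;
    m->mem[ch->addr] = word;
    ch->addr += ch->stride;
    if (--ch->count == 0) {
        ch->active = false;
        ch->irq = true;          /* signals the CPU that the transfer is over */
    }
    return true;
}

/* Drive a whole device-to-memory transfer, alternating bus ownership with
 * the CPU word by word (the IBM PC style scheme).  Returns the number of
 * cycles the CPU got back in between. */
uint32_t dma_transfer(DmaChannel *ch, Memory *m, const uint32_t *src, size_t n)
{
    uint32_t cpu_cycles = 0;
    for (size_t i = 0; i < n && ch->active; i++) {
        dma_step(ch, m, src[i]);   /* DMA owns the bus for this word */
        cpu_cycles++;              /* then the CPU gets a cycle */
    }
    return cpu_cycles;
}

int main(void)
{
    Memory m = {{0}};
    DmaChannel ch;
    const uint32_t device_words[] = { 0x11, 0x22, 0x33, 0x44 };   /* constructed input */
    if (!dma_setup(&ch, 8, 4, 4)) return 1;     /* 4 words, every fourth word from index 8 */
    dma_transfer(&ch, &m, device_words, 4);
    printf("mem[8]=%#x mem[20]=%#x irq=%d\n", m.mem[8], m.mem[20], ch.irq);
    return 0;
}
```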


DMA in multicore systems is more exciting. In multicore, DMA between the 
caches can be used as an inter-processor communication mechanism, and 
cache-cache transfers are supported. There is a cache coherency protocol 
between the various caches. It is the responsibility of the operating system to 
enforce this protocol, although hardware mechanisms (like the I/O coherent 
ARM Cortex A9) are appearing. This is usually implemented with a snooping 
mechanism, facilitated by hardware. A common cache coherency protocol is 
termed MESI, standing for Modified, Exclusive, Shared, and Invalid, referring 
to the possible states of each cache line. 
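The MESI state transitions for one line held by two snooping caches can be written out as a small state machine. This is an added example, not code from the book or any particular processor: it models only the state of the line in each cache and counts the flushes of Modified data that a snooped bus request forces; data movement and timing are left out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example (not from the book): MESI for one memory line in two caches.
 * Each cache observes ("snoops") the other's bus reads and writes. */
typedef enum { MESI_INVALID, MESI_SHARED, MESI_EXCLUSIVE, MESI_MODIFIED } MesiState;

typedef struct {
    MesiState line[2];     /* state of the same line in cache 0 and cache 1 */
    unsigned  writebacks;  /* Modified copies flushed to memory on a snoop */
} MesiSystem;

void mesi_init(MesiSystem *s)
{
    s->line[0] = s->line[1] = MESI_INVALID;
    s->writebacks = 0;
}

/* Processor `me` (0 or 1) reads the line. */
void mesi_read(MesiSystem *s, int me)
{
    int other = 1 - me;
    if (s->line[me] != MESI_INVALID) return;    /* hit in M, E or S: no bus traffic */
    /* Bus read: the other cache snoops it. */
    if (s->line[other] == MESI_MODIFIED) s->writebacks++;   /* dirty owner must flush */
    if (s->line[other] != MESI_INVALID) {
        s->line[other] = MESI_SHARED;             /* M or E downgrades to S */
        s->line[me] = MESI_SHARED;
    } else {
        s->line[me] = MESI_EXCLUSIVE;             /* nobody else holds a copy */
    }
}

/* Processor `me` writes the line. */
void mesi_write(MesiSystem *s, int me)
{
    int other = 1 - me;
    if (s->line[me] == MESI_MODIFIED) return;    /* already the dirty owner */
    if (s->line[me] == MESI_EXCLUSIVE) {          /* silent upgrade, no bus traffic */
        s->line[me] = MESI_MODIFIED;
        return;
    }
    /* From S or I: bus invalidate / read-for-ownership, snooped by the other cache. */
    if (s->line[other] == MESI_MODIFIED) s->writebacks++;
    s->line[other] = MESI_INVALID;
    s->line[me] = MESI_MODIFIED;
}

/* Only a non-Invalid copy may be trusted by the processor that holds it. */
bool mesi_holds_valid_copy(const MesiSystem *s, int me)
{
    return s->line[me] != MESI_INVALID;
}

int main(void)
{
    MesiSystem s;
    mesi_init(&s);
    mesi_read(&s, 0);    /* cache 0: I -> E */
    mesi_write(&s, 0);   /* cache 0: E -> M, silently */
    mesi_read(&s, 1);    /* cache 1 reads: cache 0 flushes, both S */
    mesi_write(&s, 1);   /* cache 1: S -> M, cache 0 invalidated */
    printf("line0=%d line1=%d writebacks=%u\n", s.line[0], s.line[1], s.writebacks);
    return 0;
}
```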


DMA support is the responsibility of the operating system, and modern 
operating systems handle the complexities of multi-dma in multicore systems. 


I/O virtualization can take several forms. We might, for example, virtualize a 
parallel printer port that the operating system sees, but send the data to the 
physical printer over USB. We might also choose to virtualize multiple serial 
ports, or legacy IBM game ports, etc. In computer gaming, emulation 
(discussed a bit later) is used to implement the joystick ports that the legacy 
game expects. These used to be a common feature on PCs. 


Virtualization 


A computer is a general-purpose machine with compute, memory and 
input/output resources. We can virtualize any or all of these resources. 


Virtualization is an isomorphism from guest to host, if we want to get 
mathematical. We map the guest state to the host state, implement equivalent 
functions, and we get one machine pretending to be another, or a bunch of 
“others.” The key is, if you can touch it, it is the physical machine, the host. 
Otherwise it is the guest. Just like a guest at a resort, you get access to the 
resources you’ve paid for, but not total access. That’s reserved for 
management. 


There are many ways to do this. We can have hardware virtualization, where 
the host machine acts like a real machine with a real operating system that is 
stand-alone. Most importantly, it can act like several real machines. We can 
run Linux on a Windows machine or Windows on a Linux machine, or a 
bunch of Windows machines on a single host. 


We can have full virtualization, which is a complete or nearly complete 
simulation of the existing hardware. This allows the guest operating system 
and its applications to run unmodified. 


We can also have partial virtualization, where some but not all of the host's 
resources are available. The guest operating system and the applications may 
need to be modified. 


In para-virtualization, the hardware environment is not simulated, but the 
guest operating systems need to be aware of the hypervisor. They are slightly 
modified versions of the base operating system. Paravirtualized guests 
generally run faster because of the lack of the emulation layer. 


Virtualization is hard, not just to implement but also to run. If it can get 
specific assistance from the platform hardware, it can run faster. This is the 
trend from the chip manufacturers: to add specific virtualization assistance in 
the chip design. 

In emulation, one piece of hardware pretends to be another. In hardware 
virtualization, software is used to imitate the hardware. 


We can virtualize the desktop (of PCs), the server environment, or various 
combinations. 

In this environment, users may not have full-function PCs but rather thin 
clients. These hark back to the client-server model. They don't have extensive 
resources locally, but can access these resources over a network. 


Virtual machines can be snapshotted (checkpointed) to disk storage. You can 
then resume where you left off, with a stored copy. You can also migrate 
(“teleport”) the virtual machine to another virtual resource, and this can be 
done rather quickly, even as everything is running. This provides “hot- 
backup” and “fail-over” capability. 


Virtualization does not solve the software licensing issue. There is no issue 
with free and open source software, but proprietary software must be treated 
according to the supplier's license terms. You can't run one copy of 
Windows, for example, on multiple virtual machines. Both virtualization 
solution suppliers and software companies are struggling to update license 
agreements to synchronize with the new technology. 


Open Source versus Proprietary 


This is a topic we need to discuss before we get into software. It is not a 
technical topic, but concerns your right to use (and/or own) software. It’s 
those software licenses you click to agree with, and never read. That’s what 
the intellectual property lawyers are betting on. 


Software and software tools are available in proprietary and open source 
versions. Open source software is free and widely available, and may be 
incorporated into your system. It is available under license, which generally 
says that you can use it, but derivative products must be made available under 
the same license. This presents a problem if it is mixed with purchased, 
licensed commercial software, or a level of exclusivity is required. Major 
government agencies such as the Department of Defense and NASA have 
policies related to the use of Open Source software. 


Adapting a commercial or open source operating system to a particular 
problem domain can be tricky. Usually, the commercial operating systems 
need to be used “as-is” and the source code is not available. The software can 
usually be configured between well-defined limits, but there will be no 
visibility of the internal workings. For the open source situation, there will be 
a multitude of source code modules and libraries that can be configured and 
customized, but the process is complex. The user can also write new modules 
in this case. 


Large corporations or government agencies sometimes have problems 
incorporating open source products into their projects. Open Source does not 
fit the model of how they have traditionally done business. There are issues 
and lingering doubts. NASA has created an open source license, the NASA 
Open Source Agreement (NOSA), to address these issues. It has released 
software under this license, but the Free Software Foundation has some issues 
with the terms of the license. The Open Source Initiative (www.opensource.org) 
maintains the definition of Open Source, and certifies licenses such as the 
NOSA. 


The GNU General Public License (GPL) is the most widely used free 
software license. It guarantees end users the freedoms to use, study, share, 
copy, and modify the software. Software that ensures that these rights are 
retained is called free software. The license was originally written by Richard 
Stallman of the Free Software Foundation (FSF) for the GNU project in 1989. 
The GPL is a copyleft license, which means that derived works can only be 
distributed under the same license terms. This is in distinction to permissive 
free software licenses, of which the BSD licenses are the standard examples. 
Copyleft is in counterpoint to traditional copyright. Proprietary software 
“poisons” the free software, and cannot be included or integrated with it, 
without abandoning the GPL. The GPL covers the Linux operating system and 
most of the Linux-based applications. 


A vendor's software tools and operating system or application code are 
usually proprietary intellectual property. It is unusual to get the source code to 
examine, at least without binding legal documents and additional funds. 
Along with this, you get the vendor support. An alternative is open source 
code, which is in the public domain. There are a series of licenses covering 
open source code usage, including the Creative Commons License, the GNU 
Public License, copyleft (alternative to copyright), and others. Open Source 
describes a collaborative environment for development and testing. Use of 
open source code carries with it an implied responsibility to “pay back” to the 
community. Open Source is not necessarily free. 


The open source philosophy is sometimes at odds with the rigid procedures 
evolved to ensure software performance and reliability. Offsetting this is the 
increased visibility into the internals of the software packages, and control 
over the entire software package. Besides application code, operating systems 
such as GNU/Linux and BSD can be open source. The programming language 
Python is open source. The popular web server Apache is also open source. 


Instruction Set Architecture 


The Instruction Set Architecture (ISA) defines the data types, the instructions, 
the internal architecture of the CPU, addressing modes, methods of interrupt 
handling, and input/output. The ISA is defined before the implementation of 
the hardware. It may be legacy, as is the case with the Intel 16-bit ISA, now 
extended to 64 bits, the ARM ISA, and IBM's mainframes, the S/360, S/370, 
and subsequent units. The DEC VAX ISA is another example. 


The ISA defines what the processor does, not how it does it. There can be 
different implementations of the ISA that produce the same results with 
different methods. 


The ISA can be emulated or simulated on another machine. Hardware does 
not even need to exist to run an ISA. The Java Virtual Machine (JVM) was 
not intended to be instantiated in hardware, but was later implemented in 
hardware as an exercise. 


Data type definitions are part of the ISA. The available data types might 
include bits, nibbles, BCD, bytes, 16-, 32-, and 64-bit words, complex number 
pairs, floating point, double-precision floating point, pixels, etc. Now, the 
choice of binary over decimal is clear, as binary has the edge in 
implementation with current state-of-the-art microelectronics. When Charles 
Babbage designed his difference engine in the 1840's, decimal seemed the 
better choice. This was partially due to the fact that Boole had not yet 
formulated his algebra, to show how logic functions could implement 
arithmetic. 


Instruction types in an ISA include data movement and operations on data. 
Data movement includes operations to input and output data from external 
devices, move data to and from registers, and to and from memory. 
Operations on data include the standard mathematical and logical operations. 
Control flow instructions provide a mechanism for the independent and data- 
dependent transfer of control. This group includes branches, jumps, loops, 
subroutine call and return, interrupt vectoring, and system calls. 


The instructions can provide additional features, such as block moves, stack 
operations, or an atomic test and set. This latter instruction helps implement 
coordination among multiple processes, using a mutual exclusion property. 


Instruction sets can also have complex entities to implement digital signal 
processing functions on data, or SIMD (single instruction — multiple data) 
constructs for processing vector data. 


Instructions can have fixed or variable length. Fixed length instructions are 
easier to pipeline. We can specify multiple operations within one instruction 
word, allowing more instructions to be fetched at one time. This is the basis 
for the technique called very long instruction word (VLIW). 


The instruction set can be rich and redundant (complex instruction set 
computer, CISC) or reduced (reduced instruction set computer, RISC). In the 
limit, we might have a one instruction set computer (OISC), a zero instruction 
set computer (ZISC), or a no instruction set computer (NISC), which are 
interesting academic abstractions. 


An instruction consists of several parts, the op code, and the operands. The op 
code is usually the leftmost part of the instruction, the first to be fetched, and 
thus allowing for the decoding process to begin as the operands (data) are 
fetched. There may be zero, one, two, three, or more operands. The standard 
logical or mathematical operation is a function of two (input) variables, and 
produces a single output. 


Output = function ( input1, input2 ) 


A standard number of operands, then, would be three. We can reduce this to 
two, if one of the input operands is destroyed by the operation, and used as the 
output. If our data structures allow, we might have implied, or zero, 
operands. This would be the case in a stack architecture, where all the action 
takes place at the top of the stack. When we say “ADD” the operand at the top 
of the stack is added to the next operand on the stack, and the result is put on 
the top of the stack. In a VLIW architecture, we may have multiple sets of op 
codes and operands in a single instruction word. 
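The op-code-first decoding and the implied-operand stack ADD described above can be shown with a tiny emulator. This is an added example, not code from the book and not any real ISA: the opcode numbering, the one-byte signed immediate for PUSH, and the 16-entry stack are assumptions. Because an emulator takes its program from untrusted bytes, it checks stack underflow and overflow, unknown opcodes, and truncated instructions and reports a fault instead of reading past its buffers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the book): zero-operand stack ISA.  The op code is
 * the first byte; only PUSH carries an explicit operand (one signed byte),
 * every other instruction uses implied operands at the top of the stack. */
enum { OP_HALT = 0, OP_PUSH = 1, OP_ADD = 2, OP_MUL = 3, OP_SUB = 4, OP_DUP = 5 };

#define STACK_DEPTH 16   /* assumed */

typedef struct {
    int32_t stack[STACK_DEPTH];
    int     sp;       /* live entries; stack[sp - 1] is the top */
    bool    fault;    /* set on underflow, overflow or a bad opcode */
} StackMachine;

static bool push(StackMachine *m, int32_t v)
{
    if (m->sp >= STACK_DEPTH) { m->fault = true; return false; }
    m->stack[m->sp++] = v;
    return true;
}

static bool pop(StackMachine *m, int32_t *v)
{
    if (m->sp == 0) { m->fault = true; return false; }
    *v = m->stack[--m->sp];
    return true;
}

/* Run `code` (len bytes).  Returns true and stores the top of stack in *result
 * when the program halts cleanly; false on any fault or if it runs off the end. */
bool run_program(const uint8_t *code, size_t len, int32_t *result)
{
    StackMachine m = { .sp = 0, .fault = false };
    size_t pc = 0;
    while (pc < len && !m.fault) {
        uint8_t op = code[pc++];          /* fetch and decode the op code first */
        int32_t a, b;
        switch (op) {
        case OP_HALT:
            if (m.sp == 0) return false;
            *result = m.stack[m.sp - 1];
            return true;
        case OP_PUSH:                      /* one explicit operand follows */
            if (pc >= len) return false;   /* truncated instruction */
            push(&m, (int8_t)code[pc++]);  /* sign-extend the immediate */
            break;
        case OP_ADD: if (pop(&m, &b) && pop(&m, &a)) push(&m, a + b); break;
        case OP_SUB: if (pop(&m, &b) && pop(&m, &a)) push(&m, a - b); break;
        case OP_MUL: if (pop(&m, &b) && pop(&m, &a)) push(&m, a * b); break;
        case OP_DUP: if (pop(&m, &a)) { push(&m, a); push(&m, a); } break;
        default:     m.fault = true; break;   /* undefined op code */
        }
    }
    return false;
}

int main(void)
{
    /* Constructed program: (3 + 4) * 5 using only implied operands for ADD/MUL. */
    const uint8_t prog[] = { OP_PUSH, 3, OP_PUSH, 4, OP_ADD, OP_PUSH, 5, OP_MUL, OP_HALT };
    int32_t result = 0;
    if (run_program(prog, sizeof prog, &result)) printf("result = %d\n", result);
    else printf("fault\n");
    return 0;
}
```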


Implementation of the instruction set can take many forms. The instruction 
decoding can be hardwired, or table-driven. Hardwired instruction decoding 
is fast, but not flexible or changeable. Table-driven instruction decoding 
allows for the possibility of additions to the instruction set. An ISA can also 
be implemented in a software emulator, which is a computer program that lets 
one computer pretend to be something else. These emulators are good for 
checking logical correctness, but do not attempt to duplicate instruction 
timing. 


Software compiled for one ISA will not run on hardware with a different ISA. 
That’s where emulation, or virtualization comes in handy. 


Protected mode in IA-32 


This discussion is specific to the Intel x86 architecture. Protected Mode, 
introduced on the 32 bit architectures, is the key to memory management in 
IA-32. Because of the need to support 16-bit legacy features on 32-bit 
hardware at the time, the implementation was complex. 


Operating systems such as OS/2, UNIX, Linux, BSD, and Windows take 
advantage of Protected Mode's advanced features. For example, multiple 
copies of DOS can run under UNIX, sharing system resources transparently. 
The 640k memory barrier of DOS is artificial. 


The 80386 enters real mode at reset. This mode is comparable with 8086. By 
software, you can command an entry to protected mode. On the 80286, it 
wasn’t easy to get back to real mode via software. On the 80386 and 
subsequent processors, you can. 


In protected mode, you have all the features of real mode, plus: 


Virtual Addressing 


The physical address space is what you have to work with. The virtual address 
space is what you pretend to have to work with. The processor does the 
dynamic mapping between virtual and physical address. This memory 
management technique is called address translation, and requires additional 
overhead on each memory access. 


With virtual memory, you can write applications that assume you have 1 
gigabyte available, and rely on the operating system to swap the correct 
virtual memory pages into and out of the existing physical memory. This, of 
course, takes time. 


Virtual memory 


We can use hard disk space as memory, in the form of a swap file. Disk 
memory is much less expensive than semiconductor memory, but much 
slower as well. The virtual memory is mapped through regular memory. In 
addition to the speed penalty, there is extensive software overhead as 
well in the translation process. Thrashing refers to the scenario where the 
system is caught up in swapping memory, without getting anything else done. 


In the Intel scheme, the high memory area is the first 64k of extended 
memory. Through a quirk of the addressing scheme, this can be addressed in 
real mode. 


To understand the physical address calculation process in protected mode, we 
should first review the Physical Address Calculation in real mode. There is a 
16-bit segment specifier plus a 16-bit offset. The address is in two 16-bit 
parts, a segment and an offset. We shift the segment part over to the left by 
four bits (or, equivalently, multiply it by 16), and add the offset. We get a 20- 
bit result. 


Physical address = segment * 16 + offset 


This provides a 20-bit physical address which spans 2^20 bytes = 1 megabyte 
of address space. 


In protected mode, there is a 16-bit segment selector plus a 16-bit offset 
concatenated to yield a 32-bit virtual address. The virtual address is what the 
running program uses. The system converts the virtual address to a physical 
address (in real time) that goes out over the memory bus to the system’s 
memory. There is more virtual memory than real memory. The bookkeeping 
is handled by the system, partially in hardware and partially in software. 


Along with protected mode, Intel introduced the ring model of privilege, 
modeled on the earlier UNIX approach. There are 4 concentric layers, where 
the innermost is the most trusted, and the outermost is the user program. This 
model is in use to the present day. The innermost layer is now used for the 
Hypervisor, and the next layer out for the operating system. But, there are 
problems with this implementation that complicate it. We'll see those later. 


The base address of the segment in memory is not calculated by multiplying 
the segment specifier by 16, but rather by indexing a table in memory. This 
table, previously set up by the program or operating system, is called the 
descriptor table. It contains more than just the address translation information. 


The Selector Table contains entries called selectors. Selectors contain three 
fields: 


The Requested Privilege Level (RPL), 
The Table Indicator (TI), and 
Index (I) 


The RPL field does not concern address translation, but is used by the 
operating system to implement privilege level protection. It is a number 0-3. 
The intent is to prevent a less-privileged program from accessing data from a 
more privileged one. 


The TI field specifies the table to be used: the Global Descriptor Table (TI 
= 0) or the Local Descriptor Table (TI = 1). These are data structures residing 
in memory, and set up by the operating system. The descriptor table registers 
point to the descriptor tables. The Descriptor Table Registers can be read and 
written by specific instructions; the GDTR by the instructions LGDT and 
SGDT, and the LDTR by LLDT and SLDT. 


The Index is a pointer into the table. Descriptors are 8 bytes long. The indexed 
item holds a 24-bit address for the corresponding segment (on the 80286; 32 
bits on the 80386 and subsequent). 


The 24-bit address obtained from the selector table look-up is added to the 16 
bit offset to form a 24-bit physical address. Overflows are ignored, thus 
addresses wrap around. 


If TI = 0 (GDT) and Index = 0, this is the null selector. If it is used for address 
translation, it results in an exception. 


The index field is 13 bits, so a descriptor table can have up to 2^13 descriptors. 
Each describes a segment of 2^16 bytes. So, each task can have a private 
memory space of 2^29 bytes. A segment is 64k bytes on the 80286. On the 
80386 and subsequent, with 32-bit offset addresses, the virtual address space 
is 2^32 bytes. 


Segment descriptors are located in the descriptor table. They consist of two 
parts, a base address and a limit. They contain status and control information 
for access. They provide a link between a task, and a segment in memory. 


Memory descriptors specify a type, code or data. Code is executable, data can 
be read-only or read-write. These distinctions are imposed by the data 
structure; the memory is von Neumann, and read-write. The Type field 
differs for code and data. The code segment can be accessed, can be readable 
or not, and is conforming or not. The data segment can be accessed, writable 
or not, and expands up or expands down (like a stack). 


The access byte contains an indicator bit about whether the segment is 
physically present in memory or not. 


Another complication of protected mode includes the fact that the math 
coprocessor (80387) also has a protected mode, and interrupt servicing in 
Protected Mode involves an Interrupt descriptor table, interrupt gates, and call 
gates. 


In protected mode, calling and jumping involve an inter-segment FAR call 
through a call gate. The privilege level of the caller is checked against the 
privilege of the called program (in the gate descriptor). If the level is not good 
enough, a general protection fault (INT 0D hex) is generated. 
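The address formation rules of this chapter, real-mode segment:offset arithmetic, the RPL/TI/Index fields of a selector, the descriptor's base and limit, the present bit, and the privilege check that ends in a general protection fault, can all be exercised in a few dozen lines. This is an added example, not code from the book or from Intel: the descriptor tables are constructed sample data, the descriptor is reduced to base, limit, present bit and DPL, and the 80286-style 24-bit wraparound described above is kept. The data-segment rule applied here, that the access is allowed only when max(CPL, RPL) <= DPL, is the architectural one; everything else about gates and segment types is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the book): real-mode and 80286-style protected-mode
 * address formation.  Tables and values below are constructed sample data. */

/* Real mode: segment shifted left 4 bits plus offset, kept to 20 address lines. */
uint32_t real_mode_address(uint16_t segment, uint16_t offset)
{
    uint32_t linear = ((uint32_t)segment << 4) + offset;   /* at most 0x10FFEF */
    return linear & 0xFFFFFu;                              /* wraps at 1 MB */
}

/* Selector fields: bits 0-1 RPL, bit 2 TI, bits 3-15 Index. */
typedef struct { uint8_t rpl; uint8_t ti; uint16_t index; } Selector;

Selector decode_selector(uint16_t sel)
{
    Selector s = { (uint8_t)(sel & 3u), (uint8_t)((sel >> 2) & 1u), (uint16_t)(sel >> 3) };
    return s;
}

/* Reduced segment descriptor: 24-bit base, 16-bit limit, present bit, DPL. */
typedef struct { uint32_t base; uint16_t limit; bool present; uint8_t dpl; } Descriptor;

#define TABLE_ENTRIES 8   /* assumed small tables; real ones hold up to 2^13 */
typedef struct { Descriptor gdt[TABLE_ENTRIES]; Descriptor ldt[TABLE_ENTRIES]; } DescriptorTables;

typedef enum { XLATE_OK, XLATE_NULL_SELECTOR, XLATE_BAD_INDEX, XLATE_NOT_PRESENT,
               XLATE_LIMIT, XLATE_PROTECTION } XlateResult;

/* Translate selector:offset for code running at privilege level `cpl`
 * (0 is most privileged).  Data access requires max(CPL, RPL) <= DPL. */
XlateResult protected_mode_address(const DescriptorTables *t, uint16_t sel,
                                   uint16_t offset, uint8_t cpl, uint32_t *phys)
{
    Selector s = decode_selector(sel);
    if (s.ti == 0 && s.index == 0) return XLATE_NULL_SELECTOR;   /* null selector */
    if (s.index >= TABLE_ENTRIES)  return XLATE_BAD_INDEX;       /* past the table limit */
    const Descriptor *d = s.ti ? &t->ldt[s.index] : &t->gdt[s.index];
    if (!d->present) return XLATE_NOT_PRESENT;                   /* segment not present */
    uint8_t effective = cpl > s.rpl ? cpl : s.rpl;
    if (effective > d->dpl) return XLATE_PROTECTION;             /* general protection fault */
    if (offset > d->limit)  return XLATE_LIMIT;                  /* outside the segment */
    *phys = (d->base + offset) & 0xFFFFFFu;                      /* 24-bit result, overflow wraps */
    return XLATE_OK;
}

/* Constructed sample tables: a kernel data segment (DPL 0), a user data
 * segment (DPL 3), a not-present LDT segment and a segment near the top. */
void build_sample_tables(DescriptorTables *t)
{
    for (int i = 0; i < TABLE_ENTRIES; i++) {
        t->gdt[i] = (Descriptor){ 0, 0, false, 0 };
        t->ldt[i] = (Descriptor){ 0, 0, false, 0 };
    }
    t->gdt[1] = (Descriptor){ 0x100000u, 0xFFFF, true, 0 };
    t->gdt[2] = (Descriptor){ 0x200000u, 0x0FFF, true, 3 };
    t->gdt[3] = (Descriptor){ 0xFFFFF0u, 0xFFFF, true, 0 };
    t->ldt[1] = (Descriptor){ 0x300000u, 0x00FF, false, 3 };
}

int main(void)
{
    DescriptorTables t;
    uint32_t phys = 0;
    build_sample_tables(&t);
    printf("real  1234:0005 -> %05x\n", real_mode_address(0x1234, 0x0005));
    XlateResult r = protected_mode_address(&t, 0x0010, 0x0010, 3, &phys);   /* user, user segment */
    printf("prot  0010:0010 at CPL 3 -> %d phys=%06x\n", r, phys);
    r = protected_mode_address(&t, 0x0008, 0x0010, 3, &phys);               /* user, kernel segment */
    printf("prot  0008:0010 at CPL 3 -> %d (5 = #GP)\n", r);
    return 0;
}
```

Selector 0x000B in the test below has Index 1 and RPL 3: even ring-0 code is refused the DPL-0 segment through it, which is exactly the use of RPL the text describes, a more privileged routine being prevented from touching data on behalf of a less privileged caller.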


Before entering protected mode, all of the necessary data structures such as 
the descriptors tables, must be properly set up. This is an operating system 
function. Then the LMSW (load machine status word) instruction is executed, 
with the PE (protection enable) bit = 1. Simple, But.... First, the instruction 
queue must be flushed. This is because the instructions were fetched in real 
mode, but are executed in protected mode. How do we flush the queue? 
Simply do a short jump to the very next location beyond the jump. Jumps 
force an instruction queue flush. The astute reader will notice that the short 
jump is fetched in real mode and executed in protected mode, but that’s ok — it 
works. 


Return to real mode simply requires resetting the PE bit by instruction. 


Another concept that came along with Protected Mode was that of tasks. 
There can be many tasks in the system, only one running at a time. These are 
controlled by the operating system (itself a task) with the TSS (Task State 
Segment) structure. This contains the task state (essentially, register contents). 
The processor has a task register for the currently running task that is user- 
visible. There are also pointers (not visible) to the TSS. The Task register is 
loaded and stored with the LTR/STR instructions. The TSS descriptor looks 
like a descriptor that we have talked about, but has an idle/busy bit. Tasks are 
not re-entrant under this scheme. 


The Task gate descriptor is an indirect, protected way of accessing a task. It 
resides in the GDT. A task that does not have enough privilege to use the TSS 
descriptor can call another task through a gate in the LDT. 


Task switching is managed by the operating system, and involves controlled 
calls and jumps. Interrupts are also managed. 


Virtual-86 mode was introduced in the 80386 as an 8086 emulation mode. 
The 80386 can implement multiple 8086 environments running 
“simultaneously” in protected environments. These are virtual machines. 
There are some minor differences in how memory above 1 megabyte is 
treated. 


Page level protection was implemented on the 80386 and subsequent 
processors. This involves a user/supervisor bit, and supervisor write 
protection. Paging uses smaller, fixed-size memory blocks. Segmentation uses 
larger, variable size blocks. Page mode is enabled with a single bit. It can be 
used with segmentation, as an additional layer of protection, with additional 
overhead. Pages in the x86 are 4096 bytes, at an address divisible by 1000 hex 
(that is, by 4096). The page directory and tables are used to control the pages. 
CR3, the control register, has the page frame address of the page directory in 
the high order 20 bits. The page directory can hold 1 million entries. Each entry 
is a pointer to a page table. The page table contains pointers to physical 
memory. 
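As an added illustration (not from the book), the two-level walk described above modelled in C: CR3 supplies the directory frame, the directory entry selects a page table, the table entry selects a 4096-byte frame, and the user/supervisor and read/write bits are checked along the way. The four-frame memory layout, the entry and function names, and the sup_wp switch (supervisor write protection, treated here as optional) are assumptions of this model.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the book: a software model of the 80386 two-level
 * page walk (CR3 -> page directory -> page table -> 4096-byte page) with the
 * user/supervisor and read/write checks that page-level protection applies. */

#define PAGE_SIZE   4096u
#define PTE_P       0x1u          /* bit 0: present */
#define PTE_RW      0x2u          /* bit 1: 1 = writable, 0 = read-only */
#define PTE_US      0x4u          /* bit 2: 1 = user accessible, 0 = supervisor only */
#define FRAME_MASK  0xFFFFF000u   /* high-order 20 bits: page frame address */

/* Constructed "physical memory": four 4 KB frames at 0x0000-0x3FFF.
 * Frame 0 = page directory, frame 1 = page table, frames 2 and 3 = data.
 * The constructed tables only ever reference these four frames. */
static uint32_t phys[4 * PAGE_SIZE / sizeof(uint32_t)];

/* Word pointer to the start of the frame named by a frame address. */
#define FRAME_WORDS(addr) (phys + (((addr) & FRAME_MASK) / sizeof(uint32_t)))

enum xlate { XLATE_OK, FAULT_NOT_PRESENT, FAULT_PRIVILEGE, FAULT_WRITE_PROTECT };

/* Walk the tables for one 32-bit linear address.
 *   cr3:    page-directory frame address in the high-order 20 bits
 *   user:   true for a user-mode (ring 3) access
 *   write:  true for a store
 *   sup_wp: true if supervisor writes must also honour read-only pages
 *           (the 80386 lets supervisor code write to read-only pages; the
 *           switch models the write-protect behaviour of later parts)
 * On success *paddr receives the physical address. */
enum xlate translate(uint32_t cr3, uint32_t linear, bool user, bool write,
                     bool sup_wp, uint32_t *paddr)
{
    uint32_t dir_idx = linear >> 22;              /* bits 31..22 */
    uint32_t tbl_idx = (linear >> 12) & 0x3FFu;   /* bits 21..12 */
    uint32_t offset  = linear & 0xFFFu;           /* bits 11..0  */

    uint32_t pde = FRAME_WORDS(cr3)[dir_idx];     /* page directory entry */
    if (!(pde & PTE_P)) return FAULT_NOT_PRESENT;
    uint32_t pte = FRAME_WORDS(pde)[tbl_idx];     /* page table entry */
    if (!(pte & PTE_P)) return FAULT_NOT_PRESENT;

    /* The effective protection is the more restrictive of the two entries. */
    bool user_ok  = (pde & PTE_US) && (pte & PTE_US);
    bool writable = (pde & PTE_RW) && (pte & PTE_RW);

    if (user && !user_ok)                        return FAULT_PRIVILEGE;
    if (write && !writable && (user || sup_wp))  return FAULT_WRITE_PROTECT;

    *paddr = (pte & FRAME_MASK) | offset;
    return XLATE_OK;
}

/* Build the constructed mapping and return the CR3 value to use:
 *   linear 0x00401000-0x00401FFF -> frame 2, user, read-only
 *   linear 0x00402000-0x00402FFF -> frame 3, supervisor only, read/write
 * Directory entry 1 (linear 0x00400000-0x007FFFFF) points at the table in frame 1. */
uint32_t build_tables(void)
{
    memset(phys, 0, sizeof phys);                  /* everything else: not present */
    uint32_t *dir = FRAME_WORDS(0u);               /* frame 0 */
    uint32_t *tbl = FRAME_WORDS(1u * PAGE_SIZE);   /* frame 1 */
    dir[1] = (1u * PAGE_SIZE) | PTE_P | PTE_RW | PTE_US;
    tbl[1] = (2u * PAGE_SIZE) | PTE_P | PTE_US;    /* user, read-only */
    tbl[2] = (3u * PAGE_SIZE) | PTE_P | PTE_RW;    /* supervisor, read/write */
    return 0u;                                     /* directory lives in frame 0 */
}

/* Convenience wrapper: physical address, or 0xFFFFFFFF when the access faults. */
uint32_t phys_addr(uint32_t cr3, uint32_t linear, bool user, bool write, bool sup_wp)
{
    uint32_t p;
    return translate(cr3, linear, user, write, sup_wp, &p) == XLATE_OK ? p : 0xFFFFFFFFu;
}

int main(void)
{
    uint32_t cr3 = build_tables();
    printf("user read    0x00401ABC -> 0x%08" PRIX32 "\n",
           phys_addr(cr3, 0x00401ABCu, true, false, false));
    printf("user write   0x00401ABC -> 0x%08" PRIX32 " (fault)\n",
           phys_addr(cr3, 0x00401ABCu, true, true, false));
    printf("user read    0x00402010 -> 0x%08" PRIX32 " (fault)\n",
           phys_addr(cr3, 0x00402010u, true, false, false));
    printf("kernel write 0x00402010 -> 0x%08" PRIX32 "\n",
           phys_addr(cr3, 0x00402010u, false, true, false));
    return 0;
}
```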
The Operating System 


Software turns the machine you have into the machine you want. 


An operating system (OS) is a software program that manages computer 
hardware and software resources, and provides common services for 
execution of various application programs. Without an operating system, a 
user cannot run an application program on their computer, unless the 
application program is itself self-booting, and handles its own I/O and storage. 


For hardware functions such as input, output, and memory allocation, the 
operating system acts as an intermediary between application programs and 
the computer hardware, although the application code is usually executed 
directly by the hardware and will frequently call the OS or be interrupted by 
it. Operating systems are found on almost any device that contains a 
computer. The operating system functions need to be addressed by software 
(or possibly hardware), even if there is no entity that we can point to and 
call the Operating System. In simple, usually single-task programs, there might 
not be an operating system per se, but the functionality is part of the overall 
software. 


An operating system manages computer resources, including: 


• The CPU. 
• Memory. 
• I/O. 
• Tasks/processes/application programs. 


The operating system arbitrates and enforces priorities. If there are not 
multiple software entities to arbitrate among, the job is simpler. An operating 
system can be off-the-shelf commercial or open source code, or the 
application software developer can decide to build their own. To avoid 
unnecessary reinvention of the wheel, an available product is usually chosen. 
Operating systems are usually large and complex pieces of software. This is 
because they have to be generic in function, as the originator does not know 
what application space it will be used in. 
Adapting a commercial or open source operating system to a particular 
problem domain can be tricky. Usually, the commercial operating systems 
need to be used “as-is” and the source code is not available. The software can 
usually be configured between well-defined limits, but there will be no 
visibility of the internal workings. For the open source situation, there will be 
a multitude of source code modules and libraries that can be configured and 
customized, but the process is complex. The user can also write new modules 
in this case. 


A device driver is a special piece of software that interfaces the operating 
system to an external device. It is specifically associated with the device, and 
its details. It would typically be supplied with a particular hardware I/O 
device, but if you design the hardware, you’re on your own for the driver 
software. The use of industry standard interfaces helps. Since the device 
driver is also part of the operating system, it has design and implementation 
constraints from that direction as well. Device driver design is more 
complicated than that of regular code, but there are templates and how-to 
guides available. 


Process 


A process is a software entity managed by the operating system. Processes 
can be in one of three states: executing, ready, or waiting. The process is one 
instance of a program; multiple processes, including multiple instances of a 
single program, may exist at once. A process includes the resources (context) it 
needs to execute. A program may result in multiple processes. Multitasking 
allows multiple processes to share resources, managed by the operating 
system. Time-sharing is a common form of multitasking. This is an 
improvement over the scenario where each program has to run to completion 
before the next can start. Task switching occurs depending on various criteria. 
A fair task switching scenario allocates equal time to each process. Another 
scheme is to allow processes to run until a resource they require is not yet 
available. There is a major distinction in process scheduling between 
conventional computers, and those intended for real-time systems. 


Processes are sometimes called tasks. Workstations and servers allow equal 
access to CPU cycles. This is a fairness approach. 
A thread of execution is the smallest unit of processing that can be scheduled 
by the operating system. Multiple threads can exist in the same process, and 
share resources with other process threads. A process or task is an 
independent entity, but a thread is a part or subset of a process. Processes need 
more state information than threads. Context switching between threads is 
thus quicker. Threads are managed by the operating systems, as are tasks. 
Threads are supported in most modern higher level languages. 


Thrashing refers to areas of resource contention in the system. It is usually an 
operating system problem. A shared resource in contention will result in 
thrashing. Unrestrained processes share resources like kids share a candy bar 
on a playground — not well, without adult intervention. 


Communication between processes is handled by the operating system. This 
can take the form of message passing, or a shared mailbox area. Inter-process 
communication can be blocking or non-blocking. With blocking, the sending 
process waits for and requires a response. In non-blocking, the data is just 
broadcast. 


A shared memory approach has some memory in common between processes. 
A race condition, or contention for access is possible. A hardware feature, the 
atomic test and set mechanism, which assures exclusive access to a data item, 
addresses this. 
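An added example (not from the book) of the shared-memory race and the test-and-set fix: two processes each load, increment and store a shared counter in separate steps, and a scheduler interleaves those steps the way time-division multiplexing on one CPU would. The step-by-step scheduler, the fixed alternating schedule, and the use of a C11 atomic_flag as the test-and-set word are assumptions of this simulation.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not from the book. Two "processes" share one counter.
 * Each does load / increment / store as three separate steps, and a
 * scheduler interleaves the steps as time-division multiplexing on a
 * single CPU would. Without a lock the interleaving loses an update; an
 * atomic test-and-set lock around the critical section prevents that. */

enum step { LOAD, INCR, STORE, DONE };

struct proc {
    enum step pc;      /* next step to execute */
    int reg;           /* the process's private copy of the counter */
    bool holds_lock;
};

static int shared_counter;                       /* the shared data item */
static atomic_flag tas_lock = ATOMIC_FLAG_INIT;  /* the test-and-set word */

/* Execute one step of p. Returns false if p is blocked waiting for the lock. */
static bool run_step(struct proc *p, bool use_lock)
{
    switch (p->pc) {
    case LOAD:
        if (use_lock && !p->holds_lock) {
            /* Test-and-set atomically sets the flag and returns its OLD
             * value: true means another process holds it, so p must wait. */
            if (atomic_flag_test_and_set(&tas_lock))
                return false;
            p->holds_lock = true;
        }
        p->reg = shared_counter;
        p->pc = INCR;
        return true;
    case INCR:
        p->reg += 1;
        p->pc = STORE;
        return true;
    case STORE:
        shared_counter = p->reg;
        p->pc = DONE;
        if (use_lock) {
            atomic_flag_clear(&tas_lock);   /* leave the critical section */
            p->holds_lock = false;
        }
        return true;
    case DONE:
        return true;
    }
    return true;
}

/* Drive two processes A and B with a fixed alternating schedule
 * (A, B, A, B, ...) until both are DONE. Returns the final counter value. */
int run_schedule(bool use_lock)
{
    struct proc a = { LOAD, 0, false };
    struct proc b = { LOAD, 0, false };
    struct proc *order[2] = { &a, &b };

    shared_counter = 0;
    atomic_flag_clear(&tas_lock);

    for (int tick = 0; a.pc != DONE || b.pc != DONE; tick++) {
        struct proc *cur = order[tick % 2];
        if (cur->pc == DONE)
            continue;
        /* A false return means cur is in the waiting state; the scheduler
         * simply gives the next time slice to the other process. */
        (void)run_step(cur, use_lock);
    }
    return shared_counter;
}

int main(void)
{
    printf("two increments without a lock:        counter = %d (one update lost)\n",
           run_schedule(false));
    printf("two increments with test-and-set lock: counter = %d\n",
           run_schedule(true));
    return 0;
}
```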


A message passing approach uses real or virtual channels between processes 
to send messages, with the operating systems as the postmaster. This is 
sometimes called the software bus. 


In a single processor system, only one process can be executing at a time. In a 
multicore system, one can be executing on each core. On a single processor, 
we can implement multithreading as time-division multiplexing of threads. 
Multiple CPU cores can be multithreaded as well. 


The operating system provides an interface between an application program 
and the computer hardware, so that an application program can interact with 
the hardware only by obeying rules and procedures programmed into the 
operating system. The operating system is also a set of services which 
simplify development and execution of application programs. Executing an 
application program involves the creation of a process by the operating 
system kernel which assigns memory space and other resources, establishes a 
priority for the process in multi-tasking systems, loads program binary code 
into memory, and initiates execution of the application program which then 
interacts with the user and with hardware devices. 


How does the processor get started? In a process equivalent to pulling 
yourself up by your bootstraps, the computer executes a specific sequence at 
start-up. Upon power-on, a simple circuit generates a RESET signal to the 
processor. RESET is a special interrupt. The RESET signal takes the 
processor to a known predefined state. 


In a typical boot process, registers are loaded with fixed values, and the 
processor starts executing code from a fixed physical address (which assumes 
there’s code there). The next step is to test and initialize the hardware. After 
that, the Master boot record is read from a non-volatile storage device, or 
possibly a communications link. This gets the operating system into memory. 


Power-On-Self-Test, or POST, executes a rudimentary series of tests of the 
system components. This is a difficult task conceptually, because the 
computer hardware tests itself. Assumptions must be made about minimal 
functionality. 


The boot software is considered part of the operating system, but can support 
different operating systems in dual-boot or multi-boot systems. 


Operating Systems 


Some examples of off-the-shelf operating systems include: 


Android 


The Android operating system by Google has found application in numerous 
smartphone and tablet computers since its introduction in 2008. It is an Open 
Source product based on Gnu-Linux, although not all of the code is covered 
by Open source licenses. It is evolving into versions for set-top boxes, phones, 
and digital television applications. Android supports several hardware 
computing platforms including ARM, POWER, x86, and MIPS. 
Like Java, Android provides a virtual machine execution engine for a given 
hardware platform. This virtual machine is termed Dalvik. Its strengths are in 
memory-limited systems, and those with hard real time requirements. Android 
is targeted to user input from touch, with a screen using icons. Android uses 
the Gnu-Linux kernel, plus middleware, libraries of code, and APIs. The user 
community supports a large library of applications for Android. Android has 
standard support for power management. 


BSD 


BSD, the Berkeley Software Distribution, is a desktop/server open source 
operating system. BSD is a derivative of UNIX, from Bell Labs, dating from 
1977. There are multiple variations of BSD targeting different problem 
domains; these include FreeBSD, OpenBSD, DesktopBSD, PC-BSD, and 
NetBSD. BSD influenced SunOS, Windows, and Apple OS X. BSD code is 
available under very permissive license terms. Device drivers in BSD are 
part of the kernel, and run in privileged mode. Symmetric multiprocessing is 
supported. 


GNU/Linux 


GNU/Linux is a UNIX variation, written originally for the x86 architecture by 
Linus Torvalds. There are several enhancements to the GNU/Linux kernel 
that address soft real time and some hard real time issues. Being free and open 
software, there are very many GNU/Linux variations. 


Linux-from-scratch allows one to build a custom GNU/Linux system, 
including the modules that are needed, and leaving out those that are not. In 
the end, you will know more about the GNU/Linux operating system than you 
wanted to know. The advantage of being able to choose what goes into the 
build is the ability to construct a minimalist system with small footprint. It 
does require, however, a good understanding of the interrelationships between 
modules, and the mechanics of the build process. 


Microsoft Windows 


Windows is a proprietary operating system from Microsoft Corporation. It 
supports the x86 architecture. Originally 16 bits, it transitioned through 32 
bits, and now supports 64-bit architectures. It is a follow-on to the early DOS 
(disk operating system) for 16-bit machines. It now supports the latest 64-bit 
multicore hardware. 


A small yet critical part of the operating system does not come from 
Microsoft, but, rather comes with the computer hardware. It is code in a read- 
only memory that is used to load the operating system after power-on. It can 
actually load any convenient operating system that is located on the bootable 
device (usually, a disk). This software is called the BIOS. 


The basic input output subsystem (BIOS) is a small, tightly written piece of 
code that is invoked after a hard reset. It generally resides at a known area of 
memory, usually in a read-only memory, and runs to completion. Most BIOSes 
allow for extension code that is entered after the main BIOS is completed. The 
functions of the BIOS include: hardware configuration, hardware checking, 
implementation of rudimentary I/O control, and hand-off of control to the rest 
of the operating system. 


Solaris 


Solaris is the UNIX (System 5, release 4)-based operating system by Sun 
Microsystems. It is proprietary, but an Open source version is also available. 
Solaris was first released in 1993. Oracle Corporation now owns Sun 
Microsystems. Solaris supports the Sun SPARC-based systems, as well as the 
x86. It supports symmetric multiprocessing on multiple CPUs, and has been 
extended to 64-bit support. OpenSolaris runs on IBM mainframes. 
Implementing Virtual Machines 


There are two top level approaches to virtualization, the Process Virtual 
Machine, and the System Virtual machine. These two approaches differ in the 
implementation of the relationship of the Hypervisor and the operating 
system(s), with respect to the ring model of security. We will discuss this 
model in the section on X-86 virtualization. 


The System Virtual Machine 


In this approach, the guest, or hosted operating system operates unmodified in 
a virtualized environment. These can support a hardware environment that no 
longer exists, or does not exist yet. It can support legacy, obsolete platforms. 
This process is also known as hardware virtualization. It can support multiple 
operating system environments simultaneously, and they do not have to be the 
same. The environments are isolated. Within the environment, the ISA can 
differ from that of the base hardware, using a technique called dynamic 
instruction translation. However, in this approach there is overhead due to the 
software virtualization layer. Virtual machines are actually affected in 
performance by the other virtual machines using baseline resources such as 
compute cycles. 


In this approach, the guest OSs do not need to be compliant with the 
hardware (the real hardware). The sandbox approach (discussed in the 
security section) is used to test systems under development, before operational 
deployment. 


The Process Virtual Machine 


A process virtual machine supports a single process. That single process 
provides a virtual model or abstraction of a certain machine model. Operating 
systems cannot operate in this environment unmodified, as they do not see the 
actual hardware. A good example is the Java Virtual Machine. 


Hypervisor — the operating system’s operating system 
A hypervisor is a virtual machine manager. It manages virtual resources, 
including operating systems. It presents to a guest operating system a standard 
platform interface. Examples include XEN, VmWare, and QEMU. 
Hypervisors are top-level software supervisors that control the allocation of 
resources to multiple operating systems. Embedded hypervisors support real- 
time operations. The Hypervisor serves as a virtual machine manager. The 
Hypervisor runs on the host machine, and supports one or more guest 
environments. The name dates from 1965, from a use on an IBM S/360 
mainframe. The System 360 model 67 introduced dynamic address 
translation, which enabled the virtualization. 


Hypervisors are characterized as Type 1 (runs directly on the hardware) or 
Type 2 (runs on an operating system). 


In addition, we can have VMs defined in high level languages. Java is the 
prime example. The IBM VM360 operation is another example. 


Paravirtualization 


Paravirtualization refers to a technique that uses a software model of certain 
hardware. The guest operating system must be aware of the paravirtualization. 
The technique has been in use since at least 1972, when it was used on IBM’s 
VM environment for S/360 mainframes. Paravirtualization usually handles the 
otherwise hard to virtualize parts of the host instruction set or hardware. 


In a completely virtualized system, the guest operating system runs 
unmodified under a hypervisor. Paravirtualization provides performance 
enhancements and efficiencies by having the guest OS and the hypervisor 
communicate. In a completely virtualized system, the guest OS is unaware of 
the hypervisor, and thinks it is running on the base hardware. The XEN 
hypervisor uses paravirtualization. 


Full virtualization, on the other hand, uses binary translation for certain 
instructions after they generate a trap (interrupt) during execution. These 
instructions are then emulated by software. There is a performance hit with 
this process. Full virtualization is provided in IBM S/370 mainframes, 
VirtualBox, VMware Workstation, and Virtual PC. 
Emulation 


Emulation refers to a hardware, software, or combination that duplicates or 
imitates the environment of one computer on another. The real computer and 
the emulated one need not be the same. A Turing machine, the computer 
abstraction from Alan Turing, would be the perfect emulation host. The term 
emulation was first used at IBM in 1963. As IBM developed new models of 
mainframes, they provided the ability to run code from earlier models on the 
new machine as an ease to migration. The software did not need to be 
rewritten for the new machine, a big cost savings. 


Emulation applies to peripherals as well. Non-HP printers, for example, 
emulate the operation of HP Printers, to take advantage of certain HP-specific 
device drivers and application software. When the interface is a standard, this 
process makes sense. If the interface is proprietary, the details can be worked 
out, but there is a danger of infringing on intellectual property rights. IBM 
PCs were often tasked as replacements for older CRT terminals, another 
example of emulation. 


An example of a hardware emulator was the MS-DOS card for Apple 
computers, which actually had the Intel chip on it, as opposed to the 6502 
CPU on the main board. 


Virtual machines can also provide emulation. 


Transmeta Crusoe 


A particularly interesting niche CPU chip was the Transmeta Crusoe, circa 2000. 
It used a very long instruction word (VLIW) approach internally, with a built-in 
X-86 emulator, and just-in-time translation. In addition to the x86, other 
instruction set architectures could also be emulated. The Transmeta chips were 
designed to be low power, for laptop applications. 


Other early x86 implementations that used emulation or translation of x86 
instructions to internal RISC (reduced instruction set computer) instructions 
included NexGen, the PowerPC 625, the IMS 6250, the Toshiba Tigershark 
(which translated x86 to MIPS), the AMD K6, K7, and others. This approach 
avoided proprietary Intel implementation details, while maintaining 
compatibility with the industry-wide ISA. By the introduction of the Pentium-II 
and Pentium-III, Intel was also translating x86 to an internal optimized RISC 
instruction set. This could be argued to be virtualization in hardware. The chips 
presented an IA-32 face to the outside world, but did things differently 
internally. So differently, it turns out, that code optimizations for different 
implementations (Intel, AMD, and others) were very different. What was 
optimal in one implementation may have been exactly the wrong thing to do in 
another. 
Examples 


This section will present some examples of commercial and open source 
products for virtualization. This will illustrate the wide variety of approaches 
to virtualization. This is by no means an exhaustive list of the virtualization 
products available. 


VmWare 


VmWare is the leading commercial supplier of virtualization products. 
VmWare also supports Cloud Products. In the baseline VmWare model, 
VmWare Workstation is used to develop virtual machines. It can be hosted on 
Windows or Linux, and the latest version requires a x86-64 bit machine. 
VmPlayer, a free product, is used to run the virtual machines. VmWare also 
maintains a large library of over a thousand “virtual appliances,” which are 
user-contributed, preconfigured virtual machines, compatible with the Player. 
64-bit guests are supported, and hardware assist (Intel or AMD) is required. 


In VmWare, a virtual machine runs on a virtualized Intel 440BX motherboard 
with the NS338 chip set. It uses the Phoenix BIOS 4.0. The virtual machine 
can have up to 4 IDE storage devices. Guests can have up to eight virtual 
processors, giving 8-way symmetric multiprocessing. The guest may use a 
virtual (file-based) floppy, or a real drive, if the host includes one. Virtual 
machines can have four serial and three parallel ports, as well as USB ports. 
Virtual Ethernet cards are included. Support for sound devices is also 
included. A virtual machine can be snapshotted, the image saved, and 
returned to later. 


VmWare also offers MVP, the Mobile Virtual Platform for ARM- 
based/Android mobile devices such as smart phones. 


VirtualPC 


This is a proprietary product from Microsoft Corporation for the Windows 
Operating System. The various versions of Virtual PC, from as early as 2004, 
are hosted on operating systems prior to Windows 7, and support guest 
operating systems from MS-DOS to Windows-XP. The latest version at this 
writing, Windows Virtual-PC runs on Windows 7, and does not support guest 
operating systems earlier than Windows-XP. 


The software virtualizes a standard PC architecture. It was originally 
developed by the Connectix Company as a Macintosh application in 1997. It 
allowed implementing a virtual PC on a Mac computer. Connectix was 
acquired by Microsoft in 2003. Microsoft had the software modified to run 
and host the OS/2 operating system. The software for the pc platform was 
available for free. 


Macintosh versions have been discontinued. Because of the difference in 
underlying architectures (Intel versus PowerPC), the code uses dynamic 
translation of x86 code to PowerPC code. 


Virtual PC for Windows-7 is available for free for the advanced versions of 
Windows-7, and can take advantage of hardware acceleration. It has a 
Windows-XP mode. Microsoft recommends reserving 15 Gigabytes of hard 
disk space for each VM. 


The virtualized environment presents a 32-bit Pentium-II processor, using the 
Intel 440BX chipset, a standard VESA graphics card with 4 MB of video ram, 
AMI BIOS, Creative Labs Sound Blaster Audio, and a DEC 210x4x Ethernet 
card. 


Normally, the guest (virtualized) operating system and programs can only 
communicate with the host via a virtual network connection, just like two 
physical machines linked by a network. Beyond this, the concept of 
integration components allows the sharing of the base hardware and 
peripherals between the host and the guest. For example, only one program 
can access the mouse at a given time, but this is switchable between 
environments. Resources such as audio, printers, disk drives, and the 
clipboard can be shared between environments, controlled by access rights 
from the host. Multiple guest operating systems can be running. Linux is not 
officially supported as a guest operating system, but can be made to work. 
Guest, or virtualized operating systems, are limited to 32-bit mode. 




Microsoft Virtual Server 


Virtual Server works on Windows XP and Windows Server 2003. It supports 
Windows and Linux guest operating systems, as well as 64-bit and 
Symmetrical MultiProcessing (SMP) for the host only. Virtual Server was 
developed by Connectix in 2003. Microsoft made Virtual Server free in 2006 
to compete with VMware and XEN. Virtual Server has been officially 
discontinued, and the follow-on product is Microsoft’s Hyper-V. 


Hyper-V 


Microsoft’s Hyper-V is the follow-on to Windows Server Virtualization. It is 
a hypervisor on x86-64 systems, released in 2008. It comes as a no-cost stand- 
alone product and in an installable version for Windows Server 2012. 


Hyper-V uses the concept of a partition to isolate virtual machines. There are 
parent and child partitions. Code in child partitions does not have a direct view 
of the hardware. 


Guest operating systems can include 32- and 64-bit versions of Windows 
(back to Windows XP) and selected Linux versions, including SUSE and Red 
Hat Enterprise editions. The input-output virtualization process is termed 
Enlightened I/O, and emulated I/O is also provided. Virtualized COM (serial) 
or USB ports are not supported, nor is audio hardware. In the guest virtual 
machines, optical drives are read-only. 


DOSBox 


DOSBox is free emulation software that presents an older IBM PC architecture 
running MS-DOS. Its primary purpose is to support older, popular PC-based 
games that expect specific hardware configurations. DOSBox is command- 
line, just like MS-DOS. Some features of DOS such as the printer parallel port 
are not needed by games, and not included. DOSBox emulates the x86 CPU, 
in both real and protected mode. It achieves speed by dynamic instruction 
translation from an 80386 to the modern host CPU. 


DOSBox has excellent emulation of peripherals such as graphics and sound 
cards. Disk drives in the DOS environment are mapped to a directory on the 
host. Virtual modems are supported over TCP/IP. It can operate with or 
without an actual copy of DOS. DOSBox runs under Microsoft Windows. 


Wine 


Wine is free and open source software that allows x86 Windows programs to 
run in UNIX environments (Linux, BSD, OS X, and Solaris). The name was 
originally said to be the acronym for Windows emulator, but has come to 
mean the recursive “Wine Is Not an Emulator.” It is still an active project, 
with current ports for the ARM architecture, and 64-bit PCs. 


The project was started in 1993, and was influenced by Sun’s Wabi for 
Solaris, which allowed Windows programs to run in the Sun Solaris 
environment. 


Open source projects such as Wine are often hampered by lack of access to 
detailed information on proprietary interfaces. This was the case for Wine for 
the Windows API (Applications Program Interface). Clever reverse 
engineering is usually called for, and this is the forte of many open source 
advocates. Wine provides the ability to run 16-bit Windows programs on a 
64-bit CPU. 


QEMU 


QEMU (Quick emulator) is open source software that acts as an emulator and 
virtual machine. It emulates a CPU via dynamic binary translation of 
instructions. 


In user mode emulation, it runs single Linux or Mac-OS programs on x86 
hosts. In computer emulation mode, it provides a complete virtual computer 
system with peripherals. Several virtual computers can be provided on a 
single host, subject to available resources. It hosts Windows, DOS, Solaris, 
Linux, and BSD. It can emulate x86 (32- and 64-bit), ARM (v5, 7, 9, and 
XScale), MIPS, MicroBlaze, PowerPC and SPARC (32- and 64-bit) 
platforms. Simulating multiple CPUs for an SMP configuration is possible. 


KVM 
The Kernel-based virtual machine runs on Linux, and requires hardware 
assist. Versions are available for 32- and 64-bit x86 architecture, PowerPC, 
and ARM. Supported guest operating systems include Windows, Linux, BSD, 
and others. 


VirtualBox 


VirtualBox, from Oracle Corporation, runs on Windows, MAC OS-X, Linux, 
FreeBSD, Solaris, and OpenSolaris. It is an open source product. It was 
originally developed by Innotek GmbH. The software is loaded as an 
application, and provides virtual environments for guest operating systems. 
Hardware assist for virtualization can be used if it is available from the host. 
There is a common clipboard for the host and guests, as well as a virtualized 
network. The product does support 64-bit guests, and up to 32 virtual CPUs 
per guest. 


IBM Mainframe Virtualization 


The IBM System/360 Mainframe series was introduced in 1964. A small 
number of special models (the 67) supported virtual memory with a large 
address translation unit. That allowed a special operating system version for 
timesharing, TSS/360. This software was not successful, and was replaced by 
CP-67, which is still used on IBM Mainframes today. And, yes, mainframes 
are still in use. There are probably more working today than ever before. 


The ACP operating system, a derivative of the Sabre system developed for 
airline reservation systems, also implemented virtualization. 


The System S/370 models, successor to the S/360, included virtual memory 
support. The VM/370 operating system implemented virtual machines. 


XEN 


XEN is a hypervisor from the Computer Laboratory at the University of 
Cambridge, UK. It is free and open source software, available for the IA-32, 
IA-64, and ARM architectures. It was initially released in 2003. 




XEN is a “bare-metal” hypervisor, operating at the most privileged level of 
the CPU. The system boots directly to XEN. Operating systems run under 
XEN. XEN manages a series of domains, including one virtual machine that 
has unique access to the hardware. This software, called dom0, is based on 
Linux, NetBSD, or Solaris. Other domains can contain Windows, Linux, or 
BSD guests. 


XEN supports hardware acceleration features from Intel and AMD. XEN 
support is included in the Linux kernel. A large number of Internet hosting 
companies use the XEN product to provide private virtual servers in the 
Cloud. Virtual machines under XEN can migrate from one host to another, 
achieving workload leveling and redundancy. Virtual machines can be 
migrated while running, needing only a few hundred milliseconds of pause. 
XEN makes use of QEMU to emulate PC hardware. 


Guest operating systems are implemented in one of two modes, chosen by the 
administrator. In paravirtualization mode, the guest operating system is 
modified for performance and simplicity, avoiding the need to emulate a 
complete set of hardware services. Unmodified guests can also be supported, 
by hardware-assisted virtualization. This can be provided in the Intel, AMD, 
and ARM architectures. 


XEN can run on up to 255 physical CPUs, and host up to 128 virtual CPUs per 
guest environment. Although the XEN hypervisor is Open Source software, 
several commercial versions using the hypervisor are also available for specific 
application domains. 


The XEN Cloud Platform (XCP) is also free and open software, and includes 
the hypervisor. It is a turnkey solution to server virtualization and pooling of 
resources in a Cloud architecture. 


Embedded XEN was introduced in a white paper in June 2012 by Prof. Daniel 
Rossier. XEN is available for the ARM architecture, and can run on ARM- 
based mobile devices. It uses Android as the host, and addresses real-time 
systems support and multiprocessing. Like all XEN products, it is free and 
open source software. Support for hardware assist to virtualization in ARM, 
and the ARM 64-bit architecture, are being incorporated into XEN. 
Solaris Containers 


Solaris Containers allows operating system level virtualization for x86 
machines on SPARC-based Solaris systems. A zone in the context of the 
system is an isolated virtual server under the operating system. A container is a 
set of resources delineated by a zone. There is one Global zone, with multiple 
other zones. Each zone has virtual network connections and private storage. 
The CPU is shared among the zones. More than 8,000 zones can be supported, 
and they are implemented with a low overhead. A zone can support, for 
example, a Solaris-8 or -9 environment under Solaris-10, or Red Hat Linux 
on Solaris-10. 


Wabi 


Wabi was a commercial software product from Sun Microsystems that allowed 
16-bit Windows programs to run under the Solaris Operating System. It was 
originally developed in 1990. A version was developed to run Windows 
applications under Linux. Under Solaris, Wabi required a Windows 3.1 (or 
Windows for Workgroups) operating system to be installed. Hosted on SPARC 
workstations, Wabi provided dynamic code translation. 


DOSEMU 


DOSEMU is a program that allows the MS-DOS operating system to run 
under Linux on x86 machines. An 8086 emulator is included to stand in for 
Virtual 8086 mode on 64-bit architectures (where that mode has been dropped 
by Intel). It supports legacy DOS application software. It runs in the Protected 
Mode of the host system, presenting a Real Mode environment to the guest 
DOS. It handles all of the DOS and BIOS system calls. DOSEMU is free and 
open source software. 


Parallels 


The Parallels product is commercial software with a hypervisor that allows 
the guest operating system direct access to the system hardware. In 2006, the 
product was released for the Apple Mac platform. There is also a version that 
provides multiple virtual machines on the PC architecture, which can run 
Windows or Linux guests. When present, the hardware acceleration features 
are used. There is also a server virtualization package for the Mac platform. 


The Java Virtual Machine 


Java is an object-oriented language with a syntax similar to that of C. The 
language is compiled to bytecodes which are executed by a Java Virtual 
Machine (JVM). The JVM is hosted on the computer hardware, and is an 
instruction interpreter program. Thus, the Java language is independent of the 
hardware it executes on. The JVM has also been instantiated directly in 
hardware. 


The JVM is a software environment that allows bytecodes to be executed. 
There are standard libraries to implement the applications programming 
interface (API). These implement the Java runtime environment. Other 
languages besides Java can be compiled into bytecode, notably Pascal, Ada, 
and Python. The JVM is written in the C language. 


The JVM can emulate and interpret the instruction set, or use a technique 
called Just in Time (JIT) compilation. The latter approach provides greater 
speed. The JVM also validates the bytecodes before execution. 


The bytecode is interpreted or compiled. Java includes an API to make up the 
Java runtime environment. Oracle Corporation owns Java, but allows use of 
the trademark, as long as the products adhere to the JVM Specification. The 
JVM implements a stack-based architecture. Code executes as privileged or 
unprivileged, which limits access to some resources. 


The Android Virtual Machine 


The Android operating system by Google has found application in numerous 
smartphone and tablet computers since its introduction in 2008. It is an Open 
Source product based on Gnu-Linux, although not all of the code is covered 
by Open source licenses. It is evolving into versions for set-top boxes, phones, 
and digital television applications. Android supports several hardware 
computing platforms including ARM, POWER, x86, and MIPS. 
Like Java, Android provides a virtual machine execution engine for a given 
hardware platform. This virtual machine is termed Dalvik. Its strengths are in 
memory-limited systems, and those with hard real time requirements. Android 
is targeted to user input from touch, with a screen using icons. Android uses 
the Gnu-Linux kernel, plus middleware, libraries of code, and API’s. A large 
library of applications for Android is supported by the user community. 
Android has standard support for power management. 


Dalvik is the process virtual machine for Google Android. It is being ported to 
other platforms as well. Applications in Java are compiled to byte code, but 
then are converted to Dalvik executables. These are typically optimized for 
systems with limited speed and memory, such as cell phones. The Java Virtual 
Machine is a stack architecture with 8-bit instructions, but the Dalvik Virtual 
machine is a traditional register architecture, with 16-bit instructions. Dalvik 
also supports a just-in-time compiler. Dalvik is an open-source product. 
Hardware assist to virtualization 


Hardware assisted virtualization is an example of platform virtualization. It 
uses assistance from the hardware to provide full virtualization, so unmodified 
guest operating systems can be supported. The technique was first used on 
IBM System/370 mainframe machines in 1972. The operating system was 
VM/370. 


x86 virtualization 


x86 virtualization allows multiple x86 operating systems to share base x86 
resources simultaneously, and is an example of hardware virtualization. This 
was originally done by complex software. Hardware support included in newer 
generations of CPU chips vastly simplified the process. 


In Intel’s Protected mode, the operating system kernel runs at a high 
privilege level (ring 0) and applications at a low privilege level such as ring 3. 
One approach to virtualization is to run the hypervisor at ring 0, and the guest 
operating system at a lower privilege level. Certain operating system 
instructions require a particular ring level in order to execute, however. Binary 
translation can be used to replace these with other instructions that will 
execute at the lower level; alternatively, the hypervisor can catch the fault the 
CPU raises when the guest attempts such an instruction and carry out its effect 
on the guest’s behalf. The latter process is called trap and emulate, and it 
involves overhead. 
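To make the ring mechanism concrete, here is trap and emulate in miniature on 64-bit Linux, as an added example that is not from the book. Ordinary user code at ring 3 executes HLT, a privileged instruction; the CPU refuses with a general-protection fault, which Linux delivers to the process as SIGSEGV. A signal handler stands in for the hypervisor: it recognizes the faulting opcode, performs the instruction's effect (here, just counting it) and advances the instruction pointer past it so the "guest" continues. The handler, the function names and the choice of HLT are my own, not anything the book describes; on platforms other than x86-64 Linux the function returns -1 instead of running the demonstration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

/* Number of privileged instructions the "monitor" has emulated so far. */
static volatile int emulated_count = 0;

#if defined(__x86_64__) && defined(__linux__)
#ifndef REG_RIP
#define REG_RIP 16   /* index of RIP in glibc's x86-64 gregs[] if the GNU names are hidden */
#endif

/* Plays the hypervisor's role. The CPU raised #GP because ring-3 code ran HLT;
 * Linux turned that into SIGSEGV. We "emulate" HLT (count it) and step RIP
 * over the 1-byte opcode so the guest resumes at the next instruction. */
static void monitor(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si;
    ucontext_t *uc = (ucontext_t *)ctx;
    const unsigned char *pc = (const unsigned char *)uc->uc_mcontext.gregs[REG_RIP];
    if (pc[0] == 0xF4) {                 /* 0xF4 is the HLT opcode */
        emulated_count++;
        uc->uc_mcontext.gregs[REG_RIP] += 1;
        return;
    }
    /* Anything else is a genuine fault: restore the default action and let it happen. */
    signal(SIGSEGV, SIG_DFL);
}
#endif

/* Runs n HLT instructions as an unprivileged "guest" under the monitor.
 * Returns how many were trapped and emulated, or -1 where the demonstration
 * does not apply (not x86-64 Linux). */
int run_guest_hlt(int n)
{
#if defined(__x86_64__) && defined(__linux__)
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = monitor;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return -1;
    emulated_count = 0;
    for (int i = 0; i < n; i++)
        __asm__ volatile("hlt" ::: "memory");   /* privileged: faults at ring 3 */
    sigaction(SIGSEGV, &old, NULL);            /* hand SIGSEGV back to the default */
    return emulated_count;
#else
    (void)n;
    return -1;
#endif
}

int main(void)
{
    int r = run_guest_hlt(3);
    if (r < 0)
        puts("trap-and-emulate demo needs x86-64 Linux");
    else
        printf("guest issued 3 HLT instructions; monitor emulated %d\n", r);
    return 0;
}
```

Each trap costs a full exception round trip through the kernel and the handler, which is the overhead the text refers to; a guest kernel that executes privileged instructions in a tight loop pays it on every one.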


Hardware support to virtualization, provided by both Intel and AMD, involves 
both the privileged instructions, and MMU support. These were implemented 
in different ways. 


Intel-VT 


Intel’s initial hardware virtualization support, called “Vanderpool”, was 
released on Pentium 4 models in 2005. I/O virtualization can be enabled in the 
BIOS. 


AMD-V 


AMD’s approach to virtualization support was initially called AMD Secure 
Virtual Machine, and was available in 2006 on the Athlon-64 series of chips. 
A second generation virtualization approach, simply called AMD 
virtualization, involved an AMD-developed technique called Rapid 
Virtualization Indexing, using nested page tables. The presence of 
virtualization support can be determined by accessing the CPU flag. 
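The paragraph ends on the CPU flag check; the following added example (mine, not the book's) reads that flag directly with the CPUID instruction on x86. CPUID leaf 1 reports Intel VT-x in ECX bit 5 (VMX), and extended leaf 0x80000001 reports AMD-V in ECX bit 2 (SVM). The bit decoders are kept separate from the probe so they can be checked against constructed register values; on a non-x86 build the probe returns -1.

```c
#include <stdint.h>
#include <stdio.h>

#define VMX_BIT (1u << 5)   /* CPUID.1:ECX[5]          Intel VT-x */
#define SVM_BIT (1u << 2)   /* CPUID.80000001h:ECX[2]  AMD-V      */

/* Pure decoders: take the ECX value of the relevant leaf, return 1 if the
 * extension is advertised. Separated out so they are testable without CPUID. */
int has_vmx(uint32_t leaf1_ecx) { return (leaf1_ecx & VMX_BIT) ? 1 : 0; }
int has_svm(uint32_t ext1_ecx) { return (ext1_ecx & SVM_BIT) ? 1 : 0; }

#if defined(__x86_64__) || defined(__i386__)
/* Execute CPUID for the given leaf (subleaf 0) and return all four registers. */
static void cpuid(uint32_t leaf, uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d)
{
    __asm__ volatile("cpuid"
                     : "=a"(*a), "=b"(*b), "=c"(*c), "=d"(*d)
                     : "a"(leaf), "c"(0));
}
#endif

/* Returns 1 if VT-x or AMD-V is advertised by the CPU, 0 if neither is,
 * and -1 when not compiled for x86 (no CPUID instruction). */
int probe_virt_support(void)
{
#if defined(__x86_64__) || defined(__i386__)
    uint32_t a, b, c, d;
    cpuid(0, &a, &b, &c, &d);            /* EAX = highest basic leaf supported */
    if (a >= 1) {
        cpuid(1, &a, &b, &c, &d);
        if (has_vmx(c))
            return 1;
    }
    cpuid(0x80000000u, &a, &b, &c, &d);  /* EAX = highest extended leaf supported */
    if (a >= 0x80000001u) {
        cpuid(0x80000001u, &a, &b, &c, &d);
        if (has_svm(c))
            return 1;
    }
    return 0;
#else
    return -1;
#endif
}

int main(void)
{
    switch (probe_virt_support()) {
    case 1:  puts("hardware virtualization extensions advertised (VMX or SVM)"); break;
    case 0:  puts("no VMX/SVM flag: software-only virtualization on this CPU"); break;
    default: puts("not an x86 processor; CPUID not available"); break;
    }
    return 0;
}
```

A set bit means the processor implements the extension, not that it is usable: firmware can leave it switched off (the BIOS setting mentioned under Intel-VT), and on Linux that usually shows up as the KVM module refusing to load rather than as a missing flag. Without writing code, `grep -E 'vmx|svm' /proc/cpuinfo` performs the same check on Linux.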


ARM 


The ARM architecture Cortex-A15 has added virtualization support in 
hardware and extended the physical memory address range. A second-level 
memory management unit extends the address range to 40 bits (one Terabyte). 
In addition, support for cache coherency has been added. 


Virtualization is done with a second stage of address translation with its own 
page tables. I/O can be virtualized. The Hypervisor runs in a new privilege 
mode, unique to it. The mode is entered with a Hypervisor Call, instead of the 
previous Hypervisor Trap. The Virtualization privilege mode is a new third 
privilege level. There is the user code level, the operating system level, the 
Hypervisor level, and a TrustZone Privilege level, at the top. 


TrustZone is the ARM term for a security extension to the architecture. It 
provides hardware access controls via virtual machines. 


In the ARM scheme, before virtualization, the Operating System controls the 
memory resource. There is a second level of address translation. Where 
virtual addresses used to map to physical addresses, they now map to 
Intermediate addresses, which are then mapped to physical addresses by the 
Hypervisor. 
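The two-level translation just described, as an added worked example with constructed tables (not the book's code): stage 1 belongs to the guest OS and maps guest virtual pages to intermediate physical pages; stage 2 belongs to the hypervisor and maps intermediate pages to real physical pages. The toy address spaces (8 pages of 4 KB, tables as plain arrays, -1 meaning unmapped) are my simplification of the hardware page-table walk, but the property shown is the real one: a guest can only reach the physical pages the hypervisor has entered in its stage-2 table, and any other intermediate address faults to the hypervisor rather than to the guest's own fault handler.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_MASK  ((1u << PAGE_SHIFT) - 1)
#define NPAGES     8          /* toy address spaces: 8 pages each */
#define UNMAPPED   (-1)

/* Stage 1, owned by the guest OS: guest virtual page -> intermediate physical page. */
typedef struct { int ipa_page[NPAGES]; } stage1_t;
/* Stage 2, owned by the hypervisor: intermediate physical page -> real physical page. */
typedef struct { int pa_page[NPAGES]; } stage2_t;

enum { XLATE_OK = 0, XLATE_STAGE1_FAULT = 1, XLATE_STAGE2_FAULT = 2 };

/* Walk both stages for a guest virtual address. A stage-1 miss is the guest's
 * own page fault; a stage-2 miss is taken by the hypervisor, which is how an
 * intermediate address the guest was never granted is caught. */
int translate(const stage1_t *s1, const stage2_t *s2, uint32_t va, uint32_t *pa)
{
    uint32_t vpage = va >> PAGE_SHIFT;
    if (vpage >= NPAGES || s1->ipa_page[vpage] == UNMAPPED)
        return XLATE_STAGE1_FAULT;
    uint32_t ipage = (uint32_t)s1->ipa_page[vpage];
    if (ipage >= NPAGES || s2->pa_page[ipage] == UNMAPPED)
        return XLATE_STAGE2_FAULT;
    *pa = ((uint32_t)s2->pa_page[ipage] << PAGE_SHIFT) | (va & PAGE_MASK);
    return XLATE_OK;
}

/* Constructed example: the hypervisor grants two guests the same intermediate
 * pages 0 and 1, backed by different physical pages, so each guest sees a
 * private "physical" memory starting at address 0. */
void hypervisor_setup(stage2_t *guest_a, stage2_t *guest_b)
{
    for (int i = 0; i < NPAGES; i++) {
        guest_a->pa_page[i] = UNMAPPED;
        guest_b->pa_page[i] = UNMAPPED;
    }
    guest_a->pa_page[0] = 2; guest_a->pa_page[1] = 3;
    guest_b->pa_page[0] = 4; guest_b->pa_page[1] = 5;
}

/* Constructed example: the guest OS maps VA page 0 -> IPA 0, VA page 1 -> IPA 1,
 * and (whether by bug or by intent) VA page 2 -> IPA 6, which it was never granted. */
void guest_setup(stage1_t *s1)
{
    for (int i = 0; i < NPAGES; i++)
        s1->ipa_page[i] = UNMAPPED;
    s1->ipa_page[0] = 0;
    s1->ipa_page[1] = 1;
    s1->ipa_page[2] = 6;
}

int main(void)
{
    stage1_t s1; stage2_t a, b; uint32_t pa;
    guest_setup(&s1);
    hypervisor_setup(&a, &b);
    /* Same guest page tables, different hypervisor tables: different physical memory. */
    if (translate(&s1, &a, 0x1010, &pa) == XLATE_OK) printf("guest A VA 0x1010 -> PA 0x%x\n", pa);
    if (translate(&s1, &b, 0x1010, &pa) == XLATE_OK) printf("guest B VA 0x1010 -> PA 0x%x\n", pa);
    /* The ungranted intermediate page never reaches physical memory. */
    printf("guest A VA 0x2000 -> result %d (2 = stage-2 fault to hypervisor)\n",
           translate(&s1, &a, 0x2000, &pa));
    return 0;
}
```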


Interrupts are another issue. An interrupt might need to go to the current or 
another guest operating system, the Hypervisor, or an operating system in the 
TrustZone. Physical interrupts go to the Hypervisor first; if they need to go to 
a guest operating system, this is handled by a “virtual” interrupt. 


Since the ARM architecture uses memory-mapped I/O, that process is also 
virtualized. Virtual devices are created by emulation. Embedded XEN 
addresses the ARM architecture. 
Security in Virtual Systems 


Virtualization can enhance or detract from security. 


Some of these issues are addressed by existing protocols and standards for 
access and communications security. Security may also imply system stability 
and availability. 


A security assessment of a system involves threat analysis, target assessment, 
risk assessment, countermeasures assessment, and testing. This is above and 
beyond basic system functionality. 


The completed functional system may need additional security features, such 
as intrusion detection, data encryption, and perhaps a self-destruct capability. 


Virus and malware attacks on desktops and servers are common, and an entire 
industry related to detection, prevention, and correction has been spawned. 
Attacks on new technology such as cell phones, PDAs, tablets, and GPS 
systems are emerging. Not all of the threats come from individuals. Some come 
from large government-funded efforts, as well as from commercial entities 
seeking proprietary information or market position. Security breaches can be 
inspired by ideology, money, or fame considerations. The CERT (Computer 
Emergency Response Team) organization at Carnegie Mellon University, and 
the SANS Institute (SysAdmin, Audit, Networking, and Security) track 
security incidents. 


Techniques such as hard checksums and serial numbers are one approach to 
device protection. Access to the system needs to be controlled. If unused ports 
exist, the corresponding device drivers should be disabled, or not included. 
Mechanisms built into the cpu hardware can provide protection of system 
resources such as memory. 


Security has to be designed in from the very beginning; it can’t just be added 
on. 


Even the most innocuous platform can be used as a springboard to penetrate 
other systems. It is essential to consider security of all systems, be aware of 
industry best practices and lessons learned, and use professional help in this 
specialized area. 


Sandbox 


Sandbox is the term used to describe a method of separating programs into 
secure domains. A sandbox has a controlled set of resources for the guest 
code, which can be application code or a guest operating system. 
Virtualization facilitates the setting up of sandbox environments for security 
testing. Particularly restrictive sandboxes are called jails. 
Virtualization of Embedded Systems 


Virtualization in embedded systems is enabled by multicore technology. This 
allows us to assign applications to processor cores, with proper regard for 
determinism. One approach is to have a “real-time” core and a non-real-time 
core. Utilization of processors and load-leveling is secondary to determinism. 


Multicore techniques enable some techniques that were not previously 
available. In the embedded world, the cores do not necessarily need to be the 
same. Actually, this technique was used when the Intel floating point 
coprocessor, the 80387, was incorporated onto the same chip as the integer 
processor, the 80386, in the design of the follow-on 80486 chip. Today, 
multiple integer cores can share the same silicon substrate with specialized 
floating point, digital signal and vector processing, and specialized media and 
video engines. The individual cores can implement superscalar, superpipelined, 
or other optimization techniques. Essentially, we will shortly have a 
MIMD (multiple instruction, multiple data) parallel processing chip for 
embedded applications. Nothing is ever free, though. The challenge will be in 
the programming. 


Virtualization has been successfully applied in servers for some time, but 
there are unique problems in the real-time embedded world. Determinism and 
consistency are important, with resource balancing nice, but not essential. A 
mechanism for scaling real-time processes across multiple cores is required. 
This mechanism is provided in software. Threads have to have direct control 
over I/O interfaces. 


Different cores can be running different OS’s. Communication between cores 
can be via shared memory (or cache) and/or specific message-passing 
interfaces. Inter-core communication does not need to leave the chip 
boundary. Cores can be connected in various network topologies, such as bus, 
ring, mesh, or torus. If part of the system involves a human-machine interface, 
this can be hosted on its own core, so as to minimize impact on the real-time 
part of the system. 


With multicore, we have the option of segregating real-time and non-real-time 
tasks, and hard real time from soft real time. Embedded virtualization manager 
(VM) software controls the entire process. With hardware virtualization assist 
built into the cores, the VM can be invisible to the underlying operating 
systems. The VM is, essentially, an operating system for operating systems, 
managing and orchestrating resources such as I/O, memory, and time. Actual 
hardware resources are virtualized, but virtualized models of non-existent 
interfaces and hardware may also be provided. This provides a mechanism for 
support of legacy interfaces. 


The resources that are present in the virtual machine can be mapped from the 
real machine, or defined in terms of the basic I/O resources available. We can 
define and use virtual resources by modeling in software, even if they don’t 
actually exist. 


The latest use for Cloud services is mobile robots, which access large amounts 
of storage and computation assets as needed, without having to carry them 
around. 


The Cloud 


Cloud Computing refers to a virtualized data center, accessible via high- 
bandwidth network connections. Its location is irrelevant to the applications. 
This allows the data center to be located in an area that is convenient to cheap 
electrical power, more secure, or where less cooling is required. Cloud 
computers provide utility computing services — units of computation on 
demand or on reserve. Administration of the data center and the virtual 
resources is centralized, and becomes part of the cost of services. This 
approach provides economy of scale to computer utilization. It allows 
companies to have large computing resources without the overhead of 
maintaining them. The computing or data services are delivered as services 
over a network. 


Cloud Computing is economical because it allows sharing of the hardware 
resources without sharing the data. There’s nothing magic going on. People 
who know what they’re doing build, maintain, and manage the data center and 
its resources. If you’re good at building widgets, not computing, you can buy 
computing as a service. This works because of the growth of high speed 
networks, mostly optical, driven by demand of the Internet. 


Computing as a utility is the same concept as public utilities for water, 
electricity, gas, and, for that matter, the road network. These are resources that 
represent large capital investment, and provide services to multiple users, 
who pay for their portion of use. 


Amazon is widely regarded as being a major driver of the concept of Cloud 
Computing. They needed large amounts of hardware and data to manage their 
business. But, most of the time they had excess capacity for the average case, 
because of the need to address the maximum case. Amazon deployed the 
Cloud Model in their own datacenters, and rented out excess capacity. 
Amazon Web Services is a utility. At Acme Widgets, where they are very 
good at what they do, their compute and data requirements are both platform 
and location independent. Amazon or a number of other facilities can rent 
them secure storage and as much compute time as they need when they need 
it. As with most commodities, the pricing model sets price by demand. At the 
end of the month, when everyone does their accounting reports, computing is 
more expensive. Defer that by a week, and get better rates. 


The Cloud model is scalable and elastic. It is easy to incorporate more 
hardware resources, and to power them down when they are not needed. There 
is enough spare hardware up and running to not only take care of peak 
demand, but to provide spares in case of failures. Virtual machines can be 
moved between compute platforms. A technique called load leveling monitors 
and optimizes the use of the hardware. This is the same process the electrical 
utilities use to determine that they have to bring additional generators online 
to meet peak air conditioning demand. 


The National Institute of Standards and Technology issued a definition of 
Cloud Computing. It was authored by Peter Mell and Timothy Grance, and is 
NIST Special Publication 800-145 (September 2011), National Institute of 
Standards and Technology, U.S. Department of Commerce. It is a short 
document, available for download. The five essential characteristics it defines 
are: 


“On-demand self-service. A consumer can unilaterally provision computing 
capabilities, such as server time and network storage, as needed automatically 
without requiring human interaction with each service provider. 


Broad network access. Capabilities are available over the network and 
accessed through standard mechanisms that promote use by heterogeneous 
thin or thick client platforms (e.g., mobile phones, tablets, laptops, and 
workstations). 


Resource pooling. The provider’s computing resources are pooled to serve 
multiple consumers using a multi-tenant model, with different physical and 
virtual resources dynamically assigned and reassigned according to consumer 
demand. ... 


Rapid elasticity. Capabilities can be elastically provisioned and released, in 
some cases automatically, to scale rapidly outward and inward commensurate 
with demand. To the consumer, the capabilities available for provisioning 
often appear to be unlimited and can be appropriated in any quantity at any 
time. 


Measured service. Cloud systems automatically control and optimize resource 
use by leveraging a metering capability at some level of abstraction 
appropriate to the type of service (e.g., storage, processing, bandwidth, and 
active user accounts). Resource usage can be monitored, controlled, and 
reported, providing transparency for both the provider and consumer of the 
utilized service.” 


Service Models 


Software as a Service (SaaS). The capability provided to the consumer is to 
use the provider’s applications running on a cloud infrastructure. The 
applications are accessible from various client devices through either a thin 
client interface, such as a web browser (e.g., web-based email), or a program 
interface. The consumer does not manage or control the underlying cloud 
infrastructure including network, servers, operating systems, storage, or even 
individual application capabilities, with the possible exception of limited user- 
specific application configuration settings. 


Platform as a Service (PaaS). The capability provided to the consumer is to 
deploy onto the cloud infrastructure consumer-created or acquired 
applications created using programming languages, libraries, services, and 
tools supported by the provider. The consumer does not manage or control 
the underlying cloud infrastructure including network, servers, operating 
systems, or storage, but has control over the deployed applications and 
possibly configuration settings for the application-hosting environment. 


Infrastructure as a Service (IaaS). The capability provided to the consumer is 
to provision processing, storage, networks, and other fundamental computing 
resources where the consumer is able to deploy and run arbitrary software, 
which can include operating systems and applications. The consumer does not 
manage or control the underlying cloud infrastructure but has control over 
operating systems, storage, and deployed applications; and possibly limited 
control of select networking components (e.g., host firewalls). 


Deployment Models 


Private cloud. The cloud infrastructure is provisioned for exclusive use by a 
single organization comprising multiple consumers (e.g., business units). It 
may be owned, managed, and operated by the organization, a third party, or 
some combination of them, and it may exist on or off premises. 


Community cloud. The cloud infrastructure is provisioned for exclusive use 
by a specific community of consumers from organizations that have shared 
concerns (e.g., mission, security requirements, policy, and compliance 
considerations). It may be owned, managed, and operated by one or more of 
the organizations in the community, a third party, or some combination of 
them, and it may exist on or off premises. 


Public cloud. The cloud infrastructure is provisioned for open use by the 
general public. It may be owned, managed, and operated by a business, 
academic, or government organization, or some combination of them. It exists 
on the premises of the cloud provider. 


Hybrid cloud. The cloud infrastructure is a composition of two or more 
distinct cloud infrastructures (private, community, or public) that remain 
unique entities, but are bound together by standardized or proprietary 
technology that enables data and application portability (e.g., cloud bursting 
for load balancing between clouds).” 


You can access your “data in the cloud” from a client as simple as a 
smartphone or tablet; no big desktop computer is required. At the same time, 
you can use these small appliances to log into your cloud-based virtual 
computer cluster, and control the running of programs with a simple 
application on your end. This is getting close to magic. 


The technical aspects of Cloud Computing are simple and well understood. 
The implications and the business models are still evolving. 


Security in the Cloud 


There is naturally a concern about sending your data and proprietary programs 
off somewhere nebulous. Cloud-based systems require new and innovative 
security measures. 


Cloud security is a barrier to adoption for many users. 


The issue of physical security for the cloud facility is well understood from 
previous architectures of large data centers and data repositories. The issue of 
secure data access can also be addressed, but this is a more serious concern. 
As with any system, absolute security cannot be achieved. Layered security 
and threat assessment provide levels of security for Cloud centers that are 
comparable to commercial and military standards for protection of physical 
and data resources. 
Glossary of terms 


1’s complement — a binary number representation scheme for negative values. 

2’s complement — another binary number representation scheme for negative 
values. 

Abandonware — software product, no longer supported 

Accumulator — a register to hold numeric values during and after an operation. 

ACM - Association for Computing Machinery; professional organization. 

Ada — a programming language named after Ada Augusta, Countess of 
Lovelace, and daughter of Lord Byron; arguably, the first programmer. 
Collaborator with Charles Babbage. 

ALU — arithmetic logic unit. 

Android — an operating system based on Linux, popular for smart phones and 
tablet computers. 

ANSI — American National Standards Institute 

API — application program interface; specification for software modules to 
communicate. 

ARM — Acorn RISC machine; a 32-bit architecture with wide application in 
embedded systems. 

Arpanet — Advanced Research Projects Agency (U.S.), first packet switched 
network, 1968. 

ASCII - American Standard Code for Information Interchange, a 7-bit code; 
developed for teleprinters. 

Assembly language — low level programming language specific to a 
particular ISA. 

Async — asynchronous; using different clocks. 

Babbage, Charles —early 19th century inventor of mechanical computing 
machinery to solve difference equations, and output typeset results; 
later machines would be fully programmable. 

Baud — symbol rate; may or may not be the same as bit rate. 

Baudot — a five-bit code used with teleprinters. 

BCD — binary coded decimal. 4-bit entity used to represent 10 different 
decimal digits; with 6 spare states. 

Beowulf — clustering technology for linux-based computers. 

Big-endian — data format with the most significant bit or byte at the lowest 
address, or transmitted first. 
Binary — using base 2 arithmetic for number representation. 

BIOS — basic input output system; first software run after boot. 

BIST — built-in self test. 

Bit — smallest unit of digital information; two states. 

Blackbox — functional device with inputs and outputs, but no detail on the 
internal workings. 

Blade Server — a streamlined single-board server computer for rack mount. 

Boolean — a data type with two values; an operation on these data types; 
named after George Boole, mid-19th century inventor of Boolean algebra. 

Bootstrap — a startup or reset process that proceeds without external 
intervention. 

Bsd — Berkeley Software Distribution version of the Bell Labs Unix operating 
system. 


Buffer — a temporary holding location for data. 

Bug — an error in a program or device. 

Bus — data channel, communication pathway for data transfer. 

Byte — ordered collection of 8 bits; values from 0-255 

C — programming language from Bell Labs, circa 1972. 

Cache — faster and smaller intermediate memory between the processor and 
main memory. 

Cache coherency — process to keep the contents of multiple caches consistent. 

Chip — integrated circuit component. 

Clock — periodic timing signal to control and synchronize operations. 

Cloud Server — a virtual private server that can be modified during runtime, or 
moved to a different host. 

Complement — in binary logic, the opposite state. 

Compilation — software process to translate source code to assembly or 
machine code (or error codes). 

Coprocessor — another processor to supplement the operations of the main 
processor. Used for floating point, video, etc. Usually relies on the 
main processor for instruction fetch; and control. 

Core — early non-volatile memory technology based on ferromagnetic toroids. 

Cots — commercial, off-the-shelf. 

CPU — central processing unit. 

Daemon — in multitasking, a program that runs in the background. 

Dalvik — the virtual machine in the Android operating system. 

Dataflow — computer architecture where a changing value forces recalculation 
of dependent values. 
Datagram — message on a packet switched network; the delivery, arrival time, 
and order of arrival are not guaranteed. 

DDR — dual data rate (memory). 

Deadlock — a situation in which two or more competing actions are each 
waiting for the other to finish, and thus neither ever does. 

Denorm — in floating point representation, a non-zero number with a 
magnitude less than the smallest normal number. 

Device driver — specific software to interface a peripheral to the operating 
system. 

Digital — using discrete values for representation of states or numbers. 

Dirty bit — used to signal that the contents of a cache have changed. 

DMA - direct memory access (to/from memory, for I/O devices). 

Doubleword — two words; if word = 8 bits, double word = 16 bits. 

Dram — dynamic random access memory 

DSP — digital signal processing. 

EIA — Electronics Industry Association. 

Embedded system — a computer system with limited human interfaces, 
performing specific tasks. Usually part of a larger system. 

Eprom — erasable programmable read-only memory. 

EEprom — electrically erasable read-only memory. 

Ethernet — 1980’s networking technology. IEEE 802.3. 

Exception — interrupt due to internal events, such as overflow. 

Fetch/execute cycle — basic operating cycle of a computer; fetch the 
instruction, execute the instruction. 

Firmware — code contained in a non-volatile memory. 

Fixed point — computer numeric format with a fixed number of digits or bits, 
and a fixed radix point. Integers. 

Flag — a binary indicator. 

Flash memory — a type of non-volatile memory, similar to EEprom. 

Floating point — computer numeric format for real numbers; has significant 
digits and an exponent. 

Forth — stack-oriented programming language 

FPGA — field programmable gate array. 

FPU — floating point unit, an ALU for floating point numbers. 

Giga — 10^9 or 2^30. 

Gnu — recursive acronym; gnu (is) not unix. Operating system that is free 
software. 

GPL — gnu public license used for free software; referred to as the “copyleft.” 
GPU — graphics processing unit. ALU for graphics data. 

Handshake — co-ordination mechanism. 

Harvard architecture — memory storage scheme with separate instructions and 
data. 

Hexadecimal — base 16 number representation. 

Hexadecimal point — radix point that separates integer from fractional values 
of hexadecimal numbers. 

Hypervisor — virtual machine manager. Can manage multiple operating 
systems. 

IDE — Integrated development environment for software; also a popular 
interface for storage devices such as disk and CD/DVD. 

IEEE — Institute of Electrical and Electronic Engineers. Professional 
organization and standards body. 

IEEE-754 — standard for floating point representation and operations. 

Infinity - the largest number that can be represented in the number system. 

Integer — the natural numbers, zero, and the negatives of the natural numbers. 

Interrupt — an asynchronous event to signal a need for attention (example: the 
phone rings). 

Interrupt vector — entry in a table pointing to an interrupt service routine; 
indexed by interrupt number. 

I/O — Input-output from the computer to external devices, or a user interface. 

IP — intellectual property; also internet protocol. 

ISA — instruction set architecture, the software description of the computer. 

ISO — International Standards Organization. 

ISR — interrupt service routine, a subroutine that handles a particular interrupt 
event. 

Java — programming language that targets the Java Virtual Machine. 

Kernel — main portion of the operating system. Interface between the 
applications and the hardware. 

Kilo — a prefix for 10^3 or 2^10. 

LAN — local area network. 

Latency — time delay. 

Linux — unix-like operating system developed by Linus Torvalds; open 
source. 

LISP — programming language for list processing (1958). 

List — a data structure. 

Little-endian — data format with the least significant bit or byte at the highest 
address, or transmitted last. 

Logic operation — generally, negate, AND, OR, XOR, and their inverses. 
Logo — programming language for education and robotics, based on LISP 
(1967). 

Loop-unrolling — optimization of a loop for speed at the cost of space. 

LRU — least recently used; an algorithm for item replacement in a cache. 

LSB — least significant bit or byte. 

LUT - look up table. 

Machine language — native code for a particular computer hardware. 

Mainframe — a computer you can’t lift. 

Malware — malicious software; virus, worm, Trojan, spyware, adware, and 
such. 

Mantissa — significant digits (as opposed to the exponent) of a floating point 
value. 

Master-slave — control process with one element in charge. Master status may 
be exchanged among elements. 

Math operation — generally, add, subtract, multiply, divide. 

Mega — 10^6 or 2^20. 

Memory leak — when a program uses memory resources but does not release 
them, leading to a lack of available memory. 

Memory scrubbing — detecting and correcting bit errors. 

Mesh — a highly connected network. 

MESI — modified, exclusive, shared, invalid state of a cache coherency 
protocol. 

Metaprogramming — programs that produce or modify other programs. 

Microcode — hardware level data structures to translate machine instructions 
into sequences of circuit level operations. 

Microcontroller — microprocessor with included memory and/or I/O. 

Microprocessor — a monolithic CPU on a chip. 

MIMD — multiple instruction, multiple data. 

Minicomputer — smaller than a mainframe, larger than a PC. 

Minix — Unix-like operating system; free and open source. 

Mips — millions of instructions per second; sometimes used as a measure of 
throughput; also, a RISC CPU chip (Microprocessor without 
Interlocked Pipeline Stages). 

MMU — memory management unit; translates virtual to physical addresses. 

MSB — most significant bit or byte. 

Multiplex — combining signals on a communication channel by sampling. 

Mutex — a data structure and methodology for mutual exclusion. 

Multicore — multiple processing cores on one substrate or chip; need not be 
identical. 
NaN — not-a-number; invalid bit pattern. 

NAND — negated (or inverse) AND function. 

NDA — non-disclosure agreement; legal agreement protecting IP. 

Nibble — 4 bits, ½ byte. 

NIST — National Institute of Standards and Technology (US), previously, 
National Bureau of Standards. 

NMI — non-maskable interrupt; cannot be ignored by the software. 

NOR — negated (or inverse) OR function. 

Normalized number — in the proper format for floating point representation. 

NRE — non-recurring engineering; one-time costs for a project. 

NUMA — non-uniform memory access for multiprocessors; local and global 
memory access protocol. 

NVM — non-volatile memory. 

Octal — base 8 number. 

Off-the-shelf — commercially available; not custom. 

Opcode — part of a machine language instruction that specifies the operation 
to be performed. 

Open source — methodology for hardware or software development with free 
distribution and access. 

Operating system — software that controls the allocation of resources in a 
computer. 

OSI — Open systems interconnect model for networking, from ISO. 

Overflow — the result of an arithmetic operation exceeds the capacity of the 
destination. 

Packet — a small container; a block of data on a network. 

Paging — memory management technique using fixed size memory blocks. 

Paradigm — a pattern or model. 

Paradigm shift — a change from one paradigm to another. Disruptive or 
evolutionary. 

Parallel — multiple operations or communication proceeding simultaneously. 

Parity — an error detecting mechanism involving an extra check bit in the 
word. 

Pascal — a programming language (circa 1970). 

PC — personal computer, politically correct, program counter. 

Peta — 10¹⁵ or 2⁵⁰. 

Pipeline — operations in serial, assembly-line fashion. 

Posix — portable operating system interface, IEEE standard. 

PROM — programmable read-only memory. 

Python — programming language. 
Quad word — four words. If word = 16 bits, quad word is 64 bits. 

Queue — first in, first out data buffer structure; hardware or software. 

RAID — random array of inexpensive disks; using commodity disk drives to 
build large storage arrays. 

Radix point — separates integer and fractional parts of a real number. 

RAM — random access memory; any item can be accessed in the same time as 
any other. 

Register — temporary storage location for a data item. 

Reset — signal and process that returns the hardware to a known, defined state. 

RISC — reduced instruction set computer. 

ROM — read only memory. 

Router — networking component for packets. 

Real-time — system that responds to events in a predictable, bounded time. 

RS-232 — EIA telecommunications standard (1962), serial with handshake. 

SAM — sequential access memory, like a magnetic tape. 

SATA — serial ATA, a storage media interconnect. 

Sandbox — an isolated and controlled environment to run untested or 
potentially malicious code. 

Script — a program for an interpreter. Used to automate tasks. 

SDRAM — synchronous dynamic random access memory. 

Segmentation — dividing a network or memory into sections. 

Self-modifying code — computer code that modifies itself as it runs; hard to 
debug. 

Semiconductor — material with electrical characteristics between conductors 
and insulators; basis of current technology processor and memory 
devices. 

Semaphore — signaling element among processes. 

Serial — bit by bit. 

Server — a computer running services on a network. 

Shift — move one bit position to the left or right in a word. 

Sign-magnitude — number representation with a specific sign bit. 

Signed number — representation with a value and a numeric sign. 

SIMD — single instruction, multiple data. 

SIMMs — single in-line memory module. 

SOC — system on chip. 

Software — set of instructions and data to tell a computer what to do. 

SMP — symmetrical multiprocessing. 

Snoop — monitor packets in a network, or data in a cache. 

SRAM — static random access memory. 
Stack — first in, last out data structure. Can be hardware or software. 

Stack pointer — a reference pointer to the top of the stack. 

State machine — model of sequential processes. 

Superscalar — computer with instruction-level parallelism, by replication of 
resources. 

Synchronous — using the same clock to coordinate operations. 

System — a collection of interacting elements and relationships with a specific 
behavior. 

System of Systems — a complex collection of systems with pooled resources. 

Table — data structure. Can be multi-dimensional. 

Tera — 10¹² or 2⁴⁰. 

Test-and-set — coordination mechanism for multiple processes that allows 
reading a location and writing it in a non-interruptible manner. 

TCP/IP — transmission control protocol/internet protocol; layered set of 
protocols for networks. 

Thin Client — a computer that is primarily designed to interface with a larger 
machine via networking. 

Thread — smallest independent set of instructions managed by a 
multiprocessing operating system. 

Thumb — an instruction set and operating mode for the ARM processor. 

Thunk — create a 16-bit virtual DOS machine in a 32-bit environment. 

TLB — translation lookaside buffer — a cache of addresses. 

Transceiver — receiver and transmitter in one box. 

Transputer — a microcomputer on a chip by Inmos Corp., circa 1980. 
Innovative communication mechanism using serial links. 

TRAP — exception or fault handling mechanism in a computer; an operating 
system component. 

Truncate — discard. 

TTL — transistor-transistor logic in digital integrated circuits (circa 1963). 

Ubuntu — Linux variant. 

Underflow — the result of an arithmetic operation is smaller than the smallest 
representable number. 

USB — universal serial bus. 

Unsigned number — a number without a numeric sign. 

Vector — single dimensional array of values. 

Virtual Appliance — a virtual machine image for a specific application. 

Virtual memory — memory management technique using address translation. 

Virtual private server — a virtual machine provided by an Internet hosting 
service. 
Virtualization — creating a virtual resource from available physical resources. 

Virus — malignant computer program. 

VLIW — very long instruction word — mechanism for parallelism. 

VxWorks — real time operating system from WindRiver Corp. 

Von Neumann, John — a computer pioneer and mathematician; realized that 
computer instructions are data. 

Wiki — the Hawaiian word for “quick.” Refers to a collaborative content 
website. 

Word — a collection of bits of any size; does not have to be a power of two. 

Write-back — cache organization where the data is not written to main 
memory until the cache location is needed for re-use. 

Write-only — of no interest. 

Write-through — all cache writes also go to memory. 

x86 — Intel 16-, 32-, and 64-bit ISA. 

Xen — hypervisor, University of Cambridge, UK. 

XOR — exclusive OR; either but not both. 

Zener — voltage reference diode. 

Zero address — architecture using implicit addressing, like a stack. 